Symfony2 Voter Access Decision Strategy Explained!
The voter access decision strategy can be set in your Symfony2 app/config/security.yml. You have the choice of 3 approaches (Unanimous, Affirmative, Consensus). Set your strategy to 1 of them 3.
# app/config/security.yml security: access_decision_manager: unanimous # Strategy can be: affirmative, unanimous or consensus strategy: unanimous
The approach of each is explained below.
- Unanimous = 1 single voter denies access.
- Affirmative = 1 single voter grants access.
- Consensus = Majority wins.
So in Unanimous, if a single voter denies access, all other voters decisions are overridden and the bottom line is you will be denied access. If however you use Affirmative, a single voter only needs to grant access to override and the regardless of how many voters block you, you will always be granted access so long as a single voter permits it. Consensus, lastly; will weigh up and balance the number of denies or accesses being granted and decide that with the most voters wins. To put the Consensus another way, if more than half the voters grant access, then you have access. If more than half the voters deny access, then access will be denied.
Remember to return 1 of the 3 access types, the choices you have are:
return VoterInterface::ACCESS_GRANTED; return VoterInterface::ACCESS_ABSTAIN; return VoterInterface::ACCESS_DENIED;
Abstain will be impartial when using the consensus strategy for your security configuration.
You can set your class to be used, and listened for by the voting service in your bundles config, like so:
# YourNamespace\YourBundle\Resources\config\services.yml ccdn_user_security.authorisation.voter: class: %ccdn_user_security.authorisation.voter.class% arguments: [@service_container, []] public: false tags: - { name: security.voter }
This is the better way to explain how Symfony 2 voters work. Thank you very much for this short but very useful article!