Fixed code examples in cookbook/security

Author: wouterj

cookbook/security/acl.rst

@@ -85,38 +85,44 @@ Creating an ACL, and adding an ACE
 
 .. code-block:: php
 
+    // src/Acme/DemoBundle/Controller/BlogController.php
+    namespace Acme\DemoBundle\Controller;
+
+    use Symfony\Bundle\FrameworkBundle\Controller\Controller;
     use Symfony\Component\Security\Core\Exception\AccessDeniedException;
     use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
     use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
     use Symfony\Component\Security\Acl\Permission\MaskBuilder;
-    // ...
-    
-    // BlogController.php
-    public function addCommentAction(Post $post)
-    {
-        $comment = new Comment();
 
-        // setup $form, and bind data
+    class BlogController
+    {
         // ...
 
-        if ($form->isValid()) {
-            $entityManager = $this->get('doctrine.orm.default_entity_manager');
-            $entityManager->persist($comment);
-            $entityManager->flush();
+        public function addCommentAction(Post $post)
+        {
+            $comment = new Comment();
 
-            // creating the ACL
-            $aclProvider = $this->get('security.acl.provider');
-            $objectIdentity = ObjectIdentity::fromDomainObject($comment);
-            $acl = $aclProvider->createAcl($objectIdentity);
+            // ... setup $form, and bind data
 
-            // retrieving the security identity of the currently logged-in user
-            $securityContext = $this->get('security.context');
-            $user = $securityContext->getToken()->getUser();
-            $securityIdentity = UserSecurityIdentity::fromAccount($user);
+            if ($form->isValid()) {
+                $entityManager = $this->get('doctrine.orm.default_entity_manager');
+                $entityManager->persist($comment);
+                $entityManager->flush();
+
+                // creating the ACL
+                $aclProvider = $this->get('security.acl.provider');
+                $objectIdentity = ObjectIdentity::fromDomainObject($comment);
+                $acl = $aclProvider->createAcl($objectIdentity);
 
-            // grant owner access
-            $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
-            $aclProvider->updateAcl($acl);
+                // retrieving the security identity of the currently logged-in user
+                $securityContext = $this->get('security.context');
+                $user = $securityContext->getToken()->getUser();
+                $securityIdentity = UserSecurityIdentity::fromAccount($user);
+
+                // grant owner access
+                $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
+                $aclProvider->updateAcl($acl);
+            }
         }
     }
 
@@ -147,19 +153,26 @@ Checking Access
 
 .. code-block:: php
 
-    // BlogController.php
-    public function editCommentAction(Comment $comment)
+    // src/Acme/DemoBundle/Controller/BlogController.php
+
+    // ...
+
+    class BlogController
     {
-        $securityContext = $this->get('security.context');
+        // ...
 
-        // check for edit access
-        if (false === $securityContext->isGranted('EDIT', $comment))
+        public function editCommentAction(Comment $comment)
         {
-            throw new AccessDeniedException();
-        }
+            $securityContext = $this->get('security.context');
 
-        // retrieve actual comment object, and do your editing here
-        // ...
+            // check for edit access
+            if (false === $securityContext->isGranted('EDIT', $comment))
+            {
+                throw new AccessDeniedException();
+            }
+
+            // ... retrieve actual comment object, and do your editing here
+        }
     }
 
 In this example, we check whether the user has the ``EDIT`` permission.

cookbook/security/custom_authentication_provider.rst

@@ -300,7 +300,8 @@ create a class which implements
         }
 
         public function addConfiguration(NodeDefinition $node)
-        {}
+        {
+        }
     }
 
 The :class:`Symfony\\Bundle\\SecurityBundle\\DependencyInjection\\Security\\Factory\\SecurityFactoryInterface`
@@ -500,15 +501,14 @@ the ``addConfiguration`` method.
 
     class WsseFactory implements SecurityFactoryInterface
     {
-        # ...
+        // ...
 
         public function addConfiguration(NodeDefinition $node)
         {
           $node
             ->children()
-              ->scalarNode('lifetime')->defaultValue(300)
-            ->end()
-          ;
+            ->scalarNode('lifetime')->defaultValue(300)
+            ->end();
         }
     }
 
@@ -528,10 +528,10 @@ in order to put it to use.
                 ->setDefinition($providerId,
                   new DefinitionDecorator('wsse.security.authentication.provider'))
                 ->replaceArgument(0, new Reference($userProvider))
-                ->replaceArgument(2, $config['lifetime'])
-            ;
+                ->replaceArgument(2, $config['lifetime']);
             // ...
         }
+
         // ...
     }
 
@@ -559,4 +559,4 @@ The rest is up to you! Any relevant configuration items can be defined
 in the factory and consumed or passed to the other classes in the container.
 
 .. _`WSSE`: http://www.xml.com/pub/a/2003/12/17/dive.html
-.. _`nonce`: http://en.wikipedia.org/wiki/Cryptographic_nonce
+.. _`nonce`: http://en.wikipedia.org/wiki/Cryptographic_nonce

cookbook/security/custom_provider.rst

@@ -126,11 +126,12 @@ Here's an example of how this might look::
         public function loadUserByUsername($username)
         {
             // make a call to your webservice here
-            // $userData = ...
+            $userData = ...
             // pretend it returns an array on success, false if there is no user
 
             if ($userData) {
-                // $password = '...';
+                $password = '...';
+
                 // ...
 
                 return new WebserviceUser($username, $password, $salt, $roles)
@@ -262,4 +263,4 @@ options, the password may be encoded multiple times and encoded to base64.
                     encode_as_base64: false
                     iterations: 1
 
-.. _MessageDigestPasswordEncoder: https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php
+.. _MessageDigestPasswordEncoder: https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php

cookbook/security/entity_provider.rst

@@ -43,7 +43,6 @@ focus on the most important methods that come from the
 .. code-block:: php
 
     // src/Acme/UserBundle/Entity/User.php
-
     namespace Acme\UserBundle\Entity;
 
     use Doctrine\ORM\Mapping as ORM;
@@ -200,7 +199,6 @@ then be checked against our User entity records in the database:
     .. code-block:: yaml
 
         # app/config/security.yml
-
         security:
             encoders:
                 Acme\UserBundle\Entity\User:
@@ -267,16 +265,15 @@ For this example, the first three methods will return ``true`` whereas the
 .. code-block:: php
 
     // src/Acme/UserBundle/Entity/User.php
-
     namespace Acme\Bundle\UserBundle\Entity;
 
     // ...
     use Symfony\Component\Security\Core\User\AdvancedUserInterface;
 
-    // ...
     class User implements AdvancedUserInterface
     {
         // ...
+
         public function isAccountNonExpired()
         {
             return true;
@@ -325,7 +322,6 @@ The code below shows the implementation of the
 ``UserRepository`` class::
 
     // src/Acme/UserBundle/Entity/UserRepository.php
-
     namespace Acme\UserBundle\Entity;
 
     use Symfony\Component\Security\Core\User\UserInterface;
@@ -421,12 +417,11 @@ more users. As a group is also a role, the previous ``getRoles()`` method now
 returns the list of related groups::
 
     // src/Acme/UserBundle/Entity/User.php
-
     namespace Acme\Bundle\UserBundle\Entity;
 
     use Doctrine\Common\Collections\ArrayCollection;
-
     // ...
+
     class User implements AdvancedUserInterface
     {
         /**
@@ -455,6 +450,7 @@ important thing to notice is that the ``AcmeUserBundle:Group`` entity class
 implements the :class:`Symfony\\Component\\Security\\Core\\Role\\RoleInterface`
 that forces it to have a ``getRole()`` method::
 
+    // src/Acme/Bundle/UserBundle/Entity/Group.php
     namespace Acme\Bundle\UserBundle\Entity;
 
     use Symfony\Component\Security\Core\Role\RoleInterface;
@@ -511,7 +507,6 @@ relationship in the ``UserRepository::loadUserByUsername()`` method. This will
 fetch the user and his associated roles / groups with a single query::
 
     // src/Acme/UserBundle/Entity/UserRepository.php
-
     namespace Acme\Bundle\UserBundle\Entity;
 
     // ...
@@ -527,8 +522,7 @@ fetch the user and his associated roles / groups with a single query::
                 ->where('u.username = :username OR u.email = :email')
                 ->setParameter('username', $username)
                 ->setParameter('email', $username)
-                ->getQuery()
-            ;
+                ->getQuery();
 
             // ...
         }

cookbook/security/form_login.rst

@@ -149,7 +149,7 @@ the following config:
         $container->loadFromExtension('security', array(
             'firewalls' => array(
                 'main' => array('form_login' => array(
-                    // ...
+                    ...,
                     'default_target_path' => '/admin',
                 )),
             ),
@@ -193,7 +193,7 @@ of what URL they had requested previously by setting the
         $container->loadFromExtension('security', array(
             'firewalls' => array(
                 'main' => array('form_login' => array(
-                    // ...
+                    ...,
                     'always_use_default_target_path' => true,
                 )),
             ),
@@ -235,7 +235,7 @@ this by setting ``use_referer`` to true (it defaults to false):
         $container->loadFromExtension('security', array(
             'firewalls' => array(
                 'main' => array('form_login' => array(
-                    // ...
+                    ...,
                     'use_referer' => true,
                 )),
             ),
@@ -271,7 +271,7 @@ redirect to the URL defined by some ``acount`` route, use the following:
 
     .. code-block:: html+php
 
-        <?php // src/Acme/SecurityBundle/Resources/views/Security/login.html.php ?>
+        <!-- src/Acme/SecurityBundle/Resources/views/Security/login.html.php -->
         <?php if ($error): ?>
             <div><?php echo $error->getMessage() ?></div>
         <?php endif; ?>
@@ -364,7 +364,7 @@ following config:
         $container->loadFromExtension('security', array(
             'firewalls' => array(
                 'main' => array('form_login' => array(
-                    // ...
+                    ...,
                     'failure_path' => login_failure,
                 )),
             ),

cookbook/security/remember_me.rst

@@ -18,7 +18,6 @@ are shown here:
     .. code-block:: yaml
 
         # app/config/security.yml
-
         firewalls:
             main:
                 remember_me:
@@ -30,7 +29,6 @@ are shown here:
     .. code-block:: xml
 
         <!-- app/config/security.xml -->
-
         <config>
             <firewall>
                 <remember-me
@@ -45,7 +43,6 @@ are shown here:
     .. code-block:: php
 
         // app/config/security.php
-
         $container->loadFromExtension('security', array(
             'firewalls' => array(
                 'main' => array('remember_me' => array(
@@ -88,7 +85,7 @@ might ultimately look like this:
 
     .. code-block:: html+php
 
-        <?php // src/Acme/SecurityBundle/Resources/views/Security/login.html.php ?>
+        <!-- src/Acme/SecurityBundle/Resources/views/Security/login.html.php -->
         <?php if ($error): ?>
             <div><?php echo $error->getMessage() ?></div>
         <?php endif; ?>
@@ -158,14 +155,14 @@ In the following example, the action is only allowed if the user has the
 
 .. code-block:: php
 
-    use Symfony\Component\Security\Core\Exception\AccessDeniedException
     // ...
+    use Symfony\Component\Security\Core\Exception\AccessDeniedException
 
     public function editAction()
     {
         if (false === $this->get('security.context')->isGranted(
             'IS_AUTHENTICATED_FULLY'
-        )) {
+           )) {
             throw new AccessDeniedException();
         }