You only see this problem with anonymous right now because it is the only token in the core that does not contain an actual user object. But in general, the contract is that a user must be castable to a string. So, you cannot rely on a user object even if the user is fully authenticated.
I guess this is a Twig only problem; maybe some type functions like is_string(), instanceof(), etc. should be added to Twig.

Although voting short circuits by default, you're right it would indeed be inefficient, and as mentioned before you couldn't rely on the existence of the user object even if the token is fully authenticated.

Kind regards,
Johannes

On 11 Jan., 19:59, Christophe COEVOET <[email protected]> wrote:
> Hi
>
> Using the user in a template with anonymous authentication is a bit
> problematic with the way it is implemented currently: if the user is
> authenticated app.user will be an object and it will be a string
> otherwise. This makes it impossible to use a method of the object without
> testing each time if the user is fully authenticated.
>
> Thus I don't know how the Security component handles the vote but it
> seems inefficient to vote for the IS_FULLY_AUTHENTICATED role several
> times in the template just because of this. The easy solution for this
> would be to add a boolean parameter app.authenticated with this result
> to vote only once for this. But it does not solve the problem of
> requiring a test each time we need to access a property of the user. So
> maybe the way anonymous users are handled should be changed.
>
> What is your feeling about that?
>
> Regards
>
> --
> Christophe | Stof
