I defined a voter, especially the voteOnAttribute method, like the following:

    public function voteOnAttribute($attributes, $subject, TokenInterface $token) {
        $user = $token->getUser();
        if (!$user instanceof User) {
            return false;
            // return static::ACCESS_DENIED
        }
        if (!$subject instanceof PrivateResource) {
            throw new Exception('Media type mismatch : private resource expected here');
        }
        // Check company is eligible here
        if (!$subject->getCompanies()->contains($user->getCompany())) {
            return false;
            // return static::ACCESS_DENIED
        }
        return static::ACCESS_GRANTED;
    }

Why can't I use VoterInterface constants (ACCESS_GRANTED, ACCESS_ABSTAIN, ACCESS_DENIED) in my method?
If I do so, the access denied decision is not enforced because of the method vote in the abstract class Voter:

    public function vote(TokenInterface $token, $subject, array $attributes)
    {
        // abstain vote by default in case none of the attributes are supported
        $vote = self::ACCESS_ABSTAIN;
        foreach ($attributes as $attribute) {
            if (!$this->supports($attribute, $subject)) {
                continue;
            }
            // as soon as at least one attribute is supported, default is to deny access
            $vote = self::ACCESS_DENIED;
            if ($this->voteOnAttribute($attribute, $subject, $token)) {
                // grant access as soon as at least one attribute returns a positive response
                return self::ACCESS_GRANTED;
            }
        }
        return $vote;
    }

As the ACCESS_DENIED constant is set to -1 in VoterInterface, the if ($this->voteOnAttribute($attribute, $subject, $token)) condition is true, even if the return value is -1.
What am I mistaken about here? Are those constants planned to be used in our custom voteOnAttribute methods?
Note: I set the voter strategy to unanimous in security.yml

First I thought that I misunderstood the documentation.
But there is a difference in the documentation between the Symfony versions:
- extending Voter or implementing VoterInterface, returning true or false: https://symfony.com/doc/current/security/voters.html
- implementing VoterInterface, returning constants ACCESS_* (outdated for Symfony > 2.5): https://symfony.com/doc/2.4/cookbook/security/voters_data_permission.html
Assuming you are using Symfony >= 2.7, you should return boolean values in voteOnAttribute.
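
The pitfall discussed in this thread, as an added example (not code from the question, the answer, or Symfony): MiniVoter, ConstantVoter and BooleanVoter are hypothetical stand-ins that copy the truthiness check from the quoted vote() loop, with supports() omitted and companies reduced to constructed strings. Because -1 is truthy in PHP, the constant-returning voter grants access to a user outside the allowed companies, while the boolean-returning voter denies it.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the vote() loop quoted in the question.
abstract class MiniVoter
{
    const ACCESS_GRANTED = 1;
    const ACCESS_ABSTAIN = 0;
    const ACCESS_DENIED = -1;

    public function vote(array $attributes, $subject, $user): int
    {
        $vote = self::ACCESS_ABSTAIN;
        foreach ($attributes as $attribute) {
            $vote = self::ACCESS_DENIED;
            // Same truthiness test as the quoted vote(): any non-zero int passes it.
            if ($this->voteOnAttribute($attribute, $subject, $user)) {
                return self::ACCESS_GRANTED;
            }
        }
        return $vote;
    }

    abstract protected function voteOnAttribute($attribute, $subject, $user);
}

// Flawed: returns ACCESS_* integers, so a "deny" (-1) is read as a grant.
class ConstantVoter extends MiniVoter
{
    protected function voteOnAttribute($attribute, $subject, $user)
    {
        return in_array($user, $subject, true) ? self::ACCESS_GRANTED : self::ACCESS_DENIED;
    }
}

// Corrected: returns a boolean. With strict_types and the ": bool" return type,
// an accidental "return self::ACCESS_DENIED;" here throws a TypeError instead.
class BooleanVoter extends MiniVoter
{
    protected function voteOnAttribute($attribute, $subject, $user): bool
    {
        return in_array($user, $subject, true);
    }
}

$allowedCompanies = ['acme']; // constructed sample data; the user's company is 'globex'
foreach ([new ConstantVoter(), new BooleanVoter()] as $voter) {
    printf("%s => %d\n", get_class($voter), $voter->vote(['view'], $allowedCompanies, 'globex'));
}
```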