API Platform for Symfony allows you to use Voters in order to grant or deny access to your ressources, as described in their docs.
However all example are using magic values, I would rather use class constants for this. Ex.
/**
* @ApiResource(
* itemOperations={
* "put"={"security"="is_granted(UserVoter::USER_EDIT, object)"},
* }
* )
*/
I've tried it using an "use" statement for the UserVoter class, App\Security\Voter\UserVoter::USER_EDIT as well as escaped App\\Security\\Voter\\UserVoter::USER_EDIT, however nothing was accepted by API Platform
How can I use class constants with security in API Platform?
Just to confirm to anyone wondering:
is_granted(constant('\\App\\Security\\Voter\\UserVoter::USER_EDIT'), object) works a treat