SensioFrameworkExtraBundle icon indicating copy to clipboard operation
SensioFrameworkExtraBundle copied to clipboard

Published 20 hours ago verified publisher icon sensiolabs

User attribute "user" cannot be defined as it collides with built-in security expression variables.

Open gurodrigues opened this issue 3 years ago • 3 comments

I just updated my symfony from 5.1 to 5.3 and I am getting the follow warning message:

sensio/framework-extra-bundle version 6.1.5

Controller argument "user" collided with the built-in security expression variables. The built-in values are being used for the @Security expression.

How to reproduce:

  1. Create UserController

  2. Add the annotation below in the UserController class or on the route function @Security("is_granted('ROLE_ADMIN')")

  3. Create a route with User $user as a parameter, like below: public function edit(Request $request, User $user)

If I remove the @Security or if i change the variable $user the warning message doesn't appear.

gurodrigues avatar Jun 23 '21 02:06 gurodrigues

This does seem a bit silly, I'm working on an application with hundreds of these controller parameters and it will be very tricky to update them all. Would be good to know if there is any likelihood that this can be solved in the framework at some point

chrs-myrs avatar Dec 21 '21 18:12 chrs-myrs

Hi there, I'm facing the same warning message. Should I rename variable $user to something else? Or a patch is planned?

Rgs,

lobodol avatar Apr 18 '22 10:04 lobodol

Currently it is necessary to change the $user variable name so this error does not occur

gurodrigues avatar Apr 18 '22 23:04 gurodrigues