How to use the AccessDecisionManager in Symfony2 for authorization of arbitrary users?

Question

I\'d like to be able to verify whether or not attributes (roles) are granted to any arbitrary object implementing UserInterface in Symfony2. Is this possible?

Answer 1

This looks like an issue with the:

abstract class AbstractToken implements TokenInterface

Look at the constructor. Looks like roles are created on instantiation and not queried at run time.

public function __construct(array $roles = array())
{
    $this->authenticated = false;
    $this->attributes = array();

    $this->roles = array();
    foreach ($roles as $role) {
        if (is_string($role)) {
            $role = new Role($role);
        } elseif (!$role instanceof RoleInterface) {
            throw new \InvalidArgumentException(sprintf('$roles must be an array of strings, or RoleInterface instances, but got %s.', gettype($role)));
        }

        $this->roles[] = $role;
    }
}

Hence, the roles cannot change after the token has been created. I think the option is to write your own voter. I'm still looking around.