Merge branch '3.4' into 4.3

javiereguiluz · javiereguiluz · commit 9aa8a27d359e · 2020-01-02T15:24:18.000+01:00
* 3.4:
  Add a note about voters with access_control
diff --git a/security/access_control.rst b/security/access_control.rst
@@ -173,6 +173,13 @@ options:
     can learn how to use your custom attributes by reading
     :ref:`security/custom-voter`.
 
+.. caution::
+
+    If you define both ``roles`` and ``allow_if``, and your Access Decision
+    Strategy is the default one (``affirmative``), then the user will be granted
+    access if there's at least one valid condition. If this behavior doesn't fit
+    your needs, :ref:`change the Access Decision Strategy <security-voters-change-strategy>`.
+
 .. tip::
 
     If access is denied, the system will try to authenticate the user if not
