Move access decision strategy section

wouterj · wouterj · commit acf66f9161ea · 2015-06-27T20:13:50.000+02:00
diff --git a/cookbook/security/voters.rst b/cookbook/security/voters.rst
@@ -149,86 +149,3 @@ and tag it as a ``security.voter``:
    configuration file (e.g. ``app/config/config.yml``). For more information
    see :ref:`service-container-imports-directive`. To read more about defining
    services in general, see the :doc:`/book/service_container` chapter.
-
-.. _security-voters-change-strategy:
-
-Changing the Access Decision Strategy
--------------------------------------
-
-In order for the new voter to take effect, you need to change the default access
-decision strategy, which, by default, grants access if *any* voter grants
-access.
-
-In this case, choose the ``unanimous`` strategy. Unlike the ``affirmative``
-strategy (the default), with the ``unanimous`` strategy, if only one voter
-denies access (e.g. the ``ClientIpVoter``), access is not granted to the
-end user.
-
-To do that, override the default ``access_decision_manager`` section of your
-application configuration file with the following code.
-
-.. configuration-block::
-
-    .. code-block:: yaml
-
-        # app/config/security.yml
-        security:
-            access_decision_manager:
-                # strategy can be: affirmative, unanimous or consensus
-                strategy: unanimous
-
-    .. code-block:: xml
-
-        <!-- app/config/security.xml -->
-        <config>
-            <!-- strategy can be: affirmative, unanimous or consensus -->
-            <access-decision-manager strategy="unanimous">
-        </config>
-
-    .. code-block:: php
-
-        // app/config/security.xml
-        $container->loadFromExtension('security', array(
-            // strategy can be: affirmative, unanimous or consensus
-            'access_decision_manager' => array(
-                'strategy' => 'unanimous',
-            ),
-        ));
-
-That's it! Now, when deciding whether or not a user should have access,
-the new voter will deny access to any user in the list of blacklisted IPs.
-
-Note that the voters are only called, if any access is actually checked. So 
-you need at least something like 
-
-.. configuration-block::
-
-    .. code-block:: yaml
-
-        # app/config/security.yml
-        security:
-            access_control:
-                - { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
-
-    .. code-block:: xml
-
-        <!-- app/config/security.xml -->
-        <config>
-            <access-control>
-               <rule path="^/" role="IS_AUTHENTICATED_ANONYMOUSLY" />
-            </access-control>
-        </config>
-
-    .. code-block:: php
-
-        // app/config/security.xml
-        $container->loadFromExtension('security', array(
-            'access_control' => array(
-               array('path' => '^/', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'),
-            ),
-         ));
-
-.. seealso::
-
-    For a more advanced usage see
-    :ref:`components-security-access-decision-manager`.
diff --git a/cookbook/security/voters_data_permission.rst b/cookbook/security/voters_data_permission.rst
@@ -220,3 +220,85 @@ from the security context is called.
     }
 
 It's that easy!
+
+.. _security-voters-change-strategy:
+
+Changing the Access Decision Strategy
+-------------------------------------
+
+In order for the new voter to take effect, you need to change the default access
+decision strategy, which, by default, grants access if *any* voter grants
+access.
+
+In this case, choose the ``unanimous`` strategy. Unlike the ``affirmative``
+strategy (the default), with the ``unanimous`` strategy, if only one voter
+denies access (e.g. the ``ClientIpVoter``), access is not granted to the
+end user.
+
+To do that, override the default ``access_decision_manager`` section of your
+application configuration file with the following code.
+
+.. configuration-block::
+
+    .. code-block:: yaml
+
+        # app/config/security.yml
+        security:
+            access_decision_manager:
+                # strategy can be: affirmative, unanimous or consensus
+                strategy: unanimous
+
+    .. code-block:: xml
+
+        <!-- app/config/security.xml -->
+        <config>
+            <!-- strategy can be: affirmative, unanimous or consensus -->
+            <access-decision-manager strategy="unanimous">
+        </config>
+
+    .. code-block:: php
+
+        // app/config/security.xml
+        $container->loadFromExtension('security', array(
+            // strategy can be: affirmative, unanimous or consensus
+            'access_decision_manager' => array(
+                'strategy' => 'unanimous',
+            ),
+        ));
+
+That's it! Now, when deciding whether or not a user should have access,
+the new voter will deny access to any user in the list of blacklisted IPs.
+
+Note that the voters are only called, if any access is actually checked. So 
+you need at least something like 
+
+.. configuration-block::
+
+    .. code-block:: yaml
+
+        # app/config/security.yml
+        security:
+            access_control:
+                - { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
+
+    .. code-block:: xml
+
+        <!-- app/config/security.xml -->
+        <config>
+            <access-control>
+               <rule path="^/" role="IS_AUTHENTICATED_ANONYMOUSLY" />
+            </access-control>
+        </config>
+
+    .. code-block:: php
+
+        // app/config/security.xml
+        $container->loadFromExtension('security', array(
+            'access_control' => array(
+               array('path' => '^/', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'),
+            ),
+         ));
+
+.. seealso::
+
+    For a more advanced usage see :ref:`components-security-access-decision-manager`.
