Additional little check to show how we're assumign the User object is the User entity

weaverryan · weaverryan · commit f8dd30f1f153 · 2015-05-25T19:12:55.000-04:00
diff --git a/cookbook/security/voters_data_permission.rst b/cookbook/security/voters_data_permission.rst
@@ -62,6 +62,7 @@ edit a particular object. Here's an example implementation::
     use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
     use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
     use Symfony\Component\Security\Core\User\UserInterface;
+    use AppBundle\Entity\User;
 
     class PostVoter implements VoterInterface
     {
@@ -118,6 +119,13 @@ edit a particular object. Here's an example implementation::
                 return VoterInterface::ACCESS_DENIED;
             }
 
+            // double-check that our User object is the entity we expect.
+            // It always will be, unless we've configured our security system
+            // in some other way.
+            if (!$user instanceof User) {
+                throw new \LogicException('The user is somehow not our User class!');
+            }
+
             switch($attribute) {
                 case self::VIEW:
                     // the data object could have for example a method isPrivate()
