
I have a controller on which I have 2 routes created:

#[Route('/announcement/create', name: 'app_admin_restock_announcement_create'), IsGranted(RestockVoter::CREATE_RESTOCK)]
#[Route('/announcement/edit/{id}', name: 'app_admin_restock_announcement_edit'), IsGranted(RestockVoter::EDIT_RESTOCK, 'restockQueue')]
public function detail(
    ?RestockQueue $restockQueue,
    ...

The problem is that a user who can create cannot edit.

When I debug on route app_admin_restock_announcement_create, it goes to my custom voter and returns true. But at the same time it also returns false and doesn’t go into the controller.

How can I manage this if I don’t want to create separate controllers?

This is a temporary solution:

if (is_null($restockQueue)) {
   $this->denyAccessUnlessGranted(RestockVoter::CREATE_RESTOCK);
} else {
   $this->denyAccessUnlessGranted(RestockVoter::EDIT_RESTOCK, $restockQueue);
}

But I want it done only using PHP attributes.

2 Answers


  1. Chosen as BEST ANSWER

    This is not possible, because 2 IsGranted attributes are run at the same time on this controller.


  2. You don’t need to create another controller, but you could solve the problem by creating another function and encapsulating the common logic in a third function, because the IsGranted attribute isn’t attached to the route but to the function, so your two IsGranted are sequenced one after the other.

    Example

    #[IsGranted(RestockVoter::CREATE_RESTOCK)]
    #[Route('/announcement/create', name: 'app_admin_restock_announcement_create')]
    public function create() {
       $this->logic();
    }
    
    #[IsGranted(RestockVoter::EDIT_RESTOCK, 'restockQueue')]
    #[Route('/announcement/edit/{id}', name: 'app_admin_restock_announcement_edit')]
    public function edit(?RestockQueue $restockQueue,...) {
       $this->logic($restockQueue);
    }
    
    private function logic(?RestockQueue $restockQueue = null) {
     ...
    }
    

    If you still want to use more than one IsGranted, you should know that by default all IsGranted must return "true" to continue. If you want to change this logic, you can change the access decision strategy.

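Because every IsGranted attribute on a method is checked no matter which route matched, one way to keep a single action and still use only attributes is a single permission whose voter branches on the subject. This is an added example, not code from the question or the answers: RestockSaveVoter, SAVE_RESTOCK and the App\Entity and App\Security\Voter namespaces are assumptions, and it assumes Symfony 6.2 or later, where the Security helper lives in SecurityBundle.

```php
<?php
// Added example. RestockSaveVoter and SAVE_RESTOCK are hypothetical names;
// RestockVoter, RestockQueue and the route names come from the question.
// Assumption: RestockVoter lives in this same namespace.
namespace App\Security\Voter;

use App\Entity\RestockQueue;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

final class RestockSaveVoter extends Voter
{
    public const SAVE_RESTOCK = 'SAVE_RESTOCK';

    public function __construct(private readonly Security $security)
    {
    }

    protected function supports(string $attribute, mixed $subject): bool
    {
        // Handle only a missing entity (create) or a RestockQueue (edit).
        // For any other subject this voter abstains, and with the default
        // allow_if_all_abstain: false an all-abstain result denies access.
        return self::SAVE_RESTOCK === $attribute
            && (null === $subject || $subject instanceof RestockQueue);
    }

    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
    {
        // Delegate to the permissions the existing RestockVoter already decides,
        // so the create and edit rules stay defined in one place.
        return null === $subject
            ? $this->security->isGranted(RestockVoter::CREATE_RESTOCK)
            : $this->security->isGranted(RestockVoter::EDIT_RESTOCK, $subject);
    }
}

// In the controller, one attribute then covers both routes:
//
// #[Route('/announcement/create', name: 'app_admin_restock_announcement_create')]
// #[Route('/announcement/edit/{id}', name: 'app_admin_restock_announcement_edit')]
// #[IsGranted(RestockSaveVoter::SAVE_RESTOCK, 'restockQueue')]
// public function detail(?RestockQueue $restockQueue): Response
```

On the create route the nullable argument resolves to null, so only CREATE_RESTOCK is evaluated; on the edit route the resolved entity is passed to EDIT_RESTOCK as the subject.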