Question
I'm new to developing with Symfony 4. I'm trying to allow a user to edit his own profile. I'm wondering how I can allow a user to edit his own "id" but not the ids of other users. This is my security.yaml:
    access_control:
        - { path: ^/hardware, roles: ROLE_USER }
        - { path: ^/my, roles: ROLE_USER }
        - { path: ^/settings, roles: ROLE_ADMIN }
And this is my specific controller for the action. As I read, in order to do this action I must use at least the @Security param, and the @ParamConverter could be helpful. Any tips?
    /**
     * @Route("/my/password/{id}", name="edit_password", methods="GET|POST")
     * @ParamConverter("id", class="App:User")
     * @Security("user.getId() == 'id'")
     */
    public function editUser(Request $request, User $user, UserPasswordEncoderInterface $passwordEncoder): Response
    {
Answer 1:
Could you try that?
    /**
     * @Route("/my/password/{id}", name="edit_password", methods="GET|POST")
     * @ParamConverter("id", class="App:User")
     * @Security("user.getId() == editUser.getId()")
     */
    public function editUser(Request $request, User $editUser, UserPasswordEncoderInterface $passwordEncoder): Response
    {
Source: https://stackoverflow.com/questions/50716416/understanding-paramconverter-security-annotations
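The same ownership rule as the answer's @Security expression can be moved into a Symfony security voter, so the check is reusable and fails closed for non-User tokens. This is an added example, not code from the question or the answer; the class name PasswordEditVoter, the attribute EDIT_PASSWORD, the App\Entity\User namespace and voter autoconfiguration are assumptions.

```php
<?php
// src/Security/PasswordEditVoter.php
// Added example: class name and attribute name are hypothetical.
namespace App\Security;

use App\Entity\User; // assumed location of the entity behind "App:User"
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

class PasswordEditVoter extends Voter
{
    // Hypothetical attribute name chosen for this example.
    const EDIT_PASSWORD = 'EDIT_PASSWORD';

    protected function supports($attribute, $subject)
    {
        // Vote only when asked about this attribute on a User entity.
        return $attribute === self::EDIT_PASSWORD && $subject instanceof User;
    }

    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
    {
        $current = $token->getUser();

        // An anonymous token does not carry a User object: deny.
        if (!$current instanceof User) {
            return false;
        }

        // Strict comparison; a null id (unsaved entity) never matches.
        return $current->getId() !== null
            && $current->getId() === $subject->getId();
    }
}

// In the controller action, once {id} has been converted to $editUser:
//     $this->denyAccessUnlessGranted(PasswordEditVoter::EDIT_PASSWORD, $editUser);
// A request for another user's id then raises AccessDeniedException (HTTP 403).
```

Because the route only ever edits the logged-in user's own password, the {id} placeholder can also be dropped and the entity taken from $this->getUser(), which leaves no id for a client to tamper with.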