You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: core/security.md
+1-2Lines changed: 1 addition & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -103,8 +103,7 @@ In this example:
103
103
Available variables are:
104
104
105
105
* `user`: the current logged in object, if any
106
-
* `object`: the current resource, or collection of resources for collection operations
107
-
* `request` (only at the resource level): the current request
106
+
* `object`: the current resource class during denormalization, the current resource during normalization, or collection of resources for collection operations
108
107
109
108
Access control checks in the `security` attribute are always executed before the [denormalization step](serialization.md).
110
109
It means than for `PUT` or `PATCH` requests, `object` doesn't contain the value submitted by the user, but values currently stored in [the persistence layer](data-persisters.md).
0 commit comments