From b11d1ca9ecb4c0032c25c904705af56a9db3061a Mon Sep 17 00:00:00 2001
From: "olivier.sorine"
Date: Wed, 25 Jun 2025 15:00:41 +0200
Subject: [PATCH] chores(security): add documentation about default roles

---
 docs/Interceptor/security.md | 37 ++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/docs/Interceptor/security.md b/docs/Interceptor/security.md
index 2e1a2ae..cfcf838 100644
--- a/docs/Interceptor/security.md
+++ b/docs/Interceptor/security.md
@@ -1,5 +1,42 @@
 # Security
 
+#[Security] attribute allows to check access.
+
+```php
+
+class AUseCase
+{
+ #[Security("is_granted('ROLE_1')")]
+ public function execute(UseCaseRequest $useCaseRequest)
+ {
+ // do things
+
+ return $useCaseResponse;
+ }
+}
+```
+
+## Other options :
+
+```php
+
+// You can use expressions to combine multiple checks, for instance role or voter:
+#[Security("is_granted('ROLE_1') or is_granted('VOTER_1', request)")]
+
+// Beware of the following syntax
+#[Security]
+
+// If it precedes a method named execute, __invoke or __construct, it will be interpreted as following:
+#[Security("is_granted('ROLE_NAME_OF_CLASS_IN_SNAKE_CASE')")]
+public function execute(UseCaseRequest $useCaseRequest)
+
+// However, if it precedes a method with a different name, it will be interpreted as following:
+#[Security("is_granted('ROLE_NAME_OF_CLASS_IN_SNAKE_CASE_PROCESS_ORDER')")]
+public function processOrder(UseCaseRequest $useCaseRequest)
+// Note that ROLE contains class name AND method name in snake case
+
+```
+
 @Security annotation allows to check access.
 
 ```php