This code fragment correctly passes a `Task` object to the TaskVoter "by name": ```php // TaskController.php #[Route('/{task}', name: 'task_details', methods: ['GET'])] /* ↓↓↓↓ */ #[IsGranted(TaskVoter::ACCESS_TASK, 'task', 'No task found', 404)] public function taskDetails(Task $task): Response { // ... } // TaskVoter.php protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { if (TaskVoter::ACCESS_TASK === $attribute && $subject instanceof Task) { return $this->canAccessTask($subject, $token->getUser()); } } ``` This is pretty handy, although I cannot find documentation about it anywhere. I'd expect it in [(Security->Add Code to Deny Access) Securing Controllers and Other Code](https://symfony.com/doc/current/security.html#securing-controllers-and-other-code). It is used throughout [Voters->Setup: Checking for Access in a Controller](https://symfony.com/doc/current/security/voters.html#setup-checking-for-access-in-a-controller).