I'm using SonataAdmin with sonata.admin.security.handler.role (so I don't use ACLs here).

I'm trying to restrict access to an object with a custom voter.

service

security.access.company_voter:
    class:      Application\...\Voter\CompanyVoter
    public:     false
    tags:
       - { name: security.voter }

voter Application...\Voter\CompanyVoter.php

#...
public function vote(TokenInterface $token, $object, array $attributes) 
{
    get_class($object);
}
#...

But I'm always getting an instance of Application\...\Voter\CompanyVoter instead of the expected object to restrict.

What can be the reason ?

Are you telling me that Sonata does not pass the object to isGranted() when using the role security handler ?

After hours of searching, I noticed that the object received is always NULL (get_class(NULL) returns the current class).

After days of seeking, It turns out that, as opposed to the ACL handler, the default implementation of the Role handler doesn't pass the current object to isGranted()

I had then to extend it.

See a nice monologue in my github issue for more detail.