I'm working on a tool in which Administrator will be able to create group and assign rights/roles according to the existing entities. i.e, for a post entity, user can create / edit / delete / update ...
How to show all this possibilities for each entities ?
To sum up, I would like to have a grid with all possible rights whithout hardcoding it. This grid must be able to update when I add a new feature/entity.
Have you got an idea how to solve it ? I have look at ACL and Voters but I'm not sure this is a good way to do it.
I don't know if my explanation are understandable, let me know if it's not the case.
Edit 1 :
Actually I'm using FOSUserBundle and PUGXMultipleUser, to manage my user and group.
Related
On our company's Phabricator site, for example, I have an Approver select (dropdown) field that is part of the form when I create a new Task. I want only a specific group of people to be able to see this Approver field when someone creates a new Task or edits the Task. Is there any way to accomplish this?
You can create forms for creating maniphest tasks and pre fill them with values. Therefore go to https://<phabricator-uri/transactions/editengine/maniphest.task/ .
You can additionally set permissions to different groups to grant access to these forms.
For more details just read: https://secure.phabricator.com/book/phabricator/article/forms/
I've a project with a huge amount of data. I need to make query based on user role/group/permission. This means that a query like
$fooRepository = $this->getDoctrine()
->getManager()
->getRepository(Foo::class)
->findAll();
should return different records if done by a ROLE_SUPER_ADMIN or by ROLE_USER. Also, I need to filter record based on relations and so on.
I've different solution in mind:
inject user role inside the repository's query
create a role based repository
create a query for each role
Inject user role in repository's query
In this case each repository should be responsible to provide right data. This is a solution similar to this. In that solution record are filtered by tenant.
Create role based repository
In this case I'll need to create different repositories and instantiate them differently. But I don think this can be easy in doctrine? while I am writing, ... I am thinking this is an exaggerated solution.
Create queries for each roles
At the moment I think this is the more natural way to do queries. I just imagine that a repository should contain
+ findAllStuffForGuestRole()
+ findAllStuffForAdminRole()
Each time I need to add a query, I MUST create different queries.
I think Doctrine filters are the cleanest and the simplest way to solve your problem. See the documentation
This is actually very straight forward with Symfony/Doctrine. Here's a great page in the official docs that explains it better than I could: http://symfony.com/doc/current/doctrine/repository.html
Someone know any way to prevent the possibility of adding new record from lookup field?
I want that the users be able to choose only created records. but they couldn't create new from the lookUp.
thanks!
You need to create a security role for your users defining the permissions you want them to have. You will need to have CREATE permission turned off on the lookup entity you don't want them to create.
One source with further information about Security Roles is here:
http://crmbook.powerobjects.com/system-administration/business-administration/security-roles/
So let's say I have two tables: permissions, and sort of a join table between users and permissions that we'll call permission_list
permission_list has user_id and permission_id.
permission has the name of the permission and a keyname for use elsewhere in the code.
Now I have an assign permissions page, that currently uses a dropdown list of all the available permissions. What I want to have is a list of checkboxes, where permissions in the users list are checked already, and unchecking them removes those records, and checking new ones adds new records.
Does Symfony2 have a built-in way to go about this?
Does this answer your question How to render a checkbox that is checked by default with the symfony2 Form Builder?
Form Builder has a lot of great features that will help you accomplish what you are looking for.
That link references this link http://symfony.com/doc/current/book/forms.html that has a ton of info but he gives a good suggestion. Let me know if thats not clear enough.
im starting to implement some security features in my application. When initially trying to implement some ACL I came acress two questions I could not figure out:
Where to implement the setting of acl
I could do it in the controller action where my entities are created or on the entity itself with lifecyclecallbacks. For example I have a Group Entity which holds some Userentities. It is easier to set the view or edit access on a lifecyclecallback for all group entities. I would prefer to make my controller as slim as possible. Or is this a bad approach? I would need the security container in my entity. What is your approach to this?
How to check for related entities:
Extending my previous example, I have a Group and this group can hold some appointments. In my actions where the appointments are shown or edited, I only want to check for the group. This is mainly for using the "view" rights. Meaning if someone is in the Group which holds the appointment, the person should also be able to view the appointment. I would like to implement this with JMSExtraSecurityBundle and SecureParam, but I have no Idea how to do that.