Symfony2: Roles, Users and Grants from Database - symfony

I'm beginning to use Symfony2 and I'm really enjoying it!
I have some questions for sure that you will help me easily!
When we use the security layer, in the file security.yml we set the property access_control, usually something like this:
    - { path: ^/admin, roles: ROLE_ADMIN }
Traditionally, using PHP, for my access rules to the system I use 3 tables:
User - Users Table
Role - Roles Table
Resource - Resource Table
Permission - Grant Tables
Where a User has a role, and a permission is related to a role and a resource. To check whether the user has access to a resource, I check the permission table.
Bringing this to Symfony2, the property "path" would be a resource and ROLE_ADMIN would be the role of the user.
How can I make security.yml load these settings from the database? I searched the official documentation and found nothing.
For now, thanks

Actually, the way to "read" the path (in the security.yml file) is:
    - { path: ^/this/(path|regex|here)$, roles: [CAN_BE_ACCESSED_ONLY, BY_THESE_ROLES] }
Now, from where do you know which user has which role?
From wherever you load your users.
e.g.:
    public function getRoles()
    {
        return array('ROLE_USER');
    }

Maybe you will find your answers here. It describes how to load users from the database:
How to Load Security Users from the Database (the Entity Provider)
I would recommend using FOSUserBundle. It is very easy to handle and helps you manage your security in Symfony2.
FOSUserBundle
Regards!

Related

How do i assign roles to a user fetched from my database in symfony 4?

I'm a newbie to Symfony 4.2 and am trying to create an authentication form to access a back-end. I am not using FOSUserBundle.
So far I get an access denial because the user does not have admin permissions.
In my user table created with make:user, I have a column named "roles" which contains an empty array.
I guess it should contain something like 'ROLE_ADMIN' but I have no idea.
Any help is welcome. Thanks
You should take a look at the official documentation: https://symfony.com/doc/current/security.html
The roles column is an array in Doctrine, so a serialized string in the database; you can fill it with:
    a:1:{i:0;s:10:"ROLE_ADMIN";}
This way your user will have the admin role. Then you can manage the roles' access in your security.yml file, according to the documentation.

Issue with cascading roles in symfony3 and sonata user bundle

I have my roles defined as follows:
    security:
        role_hierarchy:
            ROLE_PROFESSIONAL_SERVICES_MANAGER: [ROLE_USER, ROLE_SONATA_ADMIN, ROLE_BRANCH_ASSISTANT]
When I try to check for permissions in my controller as below:
    if ($securityContext->isGranted('ROLE_PROFESSIONAL_SERVICES_MANAGER'))
This returns false; in the profiler, the permissions appear to have been saved as shown below:
    "ROLE_PROFESSIONAL_SERVICES_MANAGER: ROLE_USER, ROLE_SONATA_ADMIN, ROLE_BRANCH_ASSISTANT"
Anyone know how I can resolve this?
Roles are for users, not the app.
With your code you are defining that a user with role ROLE_PROFESSIONAL_SERVICES_MANAGER will have the roles ROLE_USER, ROLE_SONATA_ADMIN and ROLE_BRANCH_ASSISTANT.
But now you need to assign that role to a user and sign that user in.
When you call $securityContext->isGranted(), what it does is get the token from your currently logged-in user (which you can see in the profiler) and check the roles of that user from the token.
So you need to have a user with the proper role assigned signed in.
If you're already using SonataUserBundle or FOSUserBundle, use this command to create a user easily: bin/console fos:user:create
Then assign it the proper roles:
    app/console fos:user:promote nameOfYourUser ROLE_PROFESSIONAL_SERVICES_MANAGER
If your app has no user management system have a look here: https://sonata-project.org/bundles/admin/master/doc/reference/security.html#user-management
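Added example, not code from the questions, the answers or Symfony itself: a self-contained PHP model of how the pieces discussed on this page fit together, the access_control path regex from the first question, the serialized roles column from the Symfony 4 question, and the role_hierarchy expansion from this one. The hierarchy, rules and user rows are constructed; the roles column is decoded for both Doctrine's array type (PHP serialize, the a:1:{...} form) and its json type (what make:user generates).

```php
<?php
// Constructed example, not Symfony's own code: a small model of how the "roles"
// column, role_hierarchy and access_control interact when access is evaluated.
// Decode the roles column. Doctrine's "array" type stores PHP serialize()
// output (the a:1:{...} form), the "json" type (used by make:user) a JSON list.
function decodeRolesColumn(string $stored): array
{
    $roles = ($stored !== '' && $stored[0] === '[')
        ? json_decode($stored, true)
        : unserialize($stored, ['allowed_classes' => false]); // never build objects from DB content
    return is_array($roles) ? $roles : [];
}

// Expand a user's roles through the role_hierarchy map the way Symfony's
// RoleHierarchy does: every role reachable through the map is granted too.
function reachableRoles(array $roles, array $hierarchy): array
{
    $reachable = $queue = $roles;
    while ($queue) {
        $role = array_shift($queue);
        foreach ($hierarchy[$role] ?? [] as $child) {
            if (!in_array($child, $reachable, true)) {
                $reachable[] = $child;
                $queue[] = $child;
            }
        }
    }
    return $reachable;
}

// The first access_control rule whose path regex matches decides; the user
// needs at least one of its roles. With no matching rule, access is allowed.
function isPathGranted(string $path, array $userRoles, array $rules, array $hierarchy): bool
{
    $granted = reachableRoles($userRoles, $hierarchy);
    foreach ($rules as $rule) {
        if (preg_match('{' . $rule['path'] . '}', $path)) {
            return (bool) array_intersect((array) $rule['roles'], $granted);
        }
    }
    return true;
}
$hierarchy = ['ROLE_PROFESSIONAL_SERVICES_MANAGER' => ['ROLE_USER', 'ROLE_SONATA_ADMIN', 'ROLE_BRANCH_ASSISTANT']];
$rules = [['path' => '^/admin', 'roles' => ['ROLE_ADMIN', 'ROLE_SONATA_ADMIN']], ['path' => '^/', 'roles' => ['ROLE_USER']]];
$manager = decodeRolesColumn('a:1:{i:0;s:34:"ROLE_PROFESSIONAL_SERVICES_MANAGER";}'); // Doctrine "array" form
$assistant = decodeRolesColumn('["ROLE_BRANCH_ASSISTANT"]');                        // Doctrine "json" form
var_dump(isPathGranted('/admin/dashboard', $manager, $rules, $hierarchy));   // manager inherits ROLE_SONATA_ADMIN
var_dump(isPathGranted('/admin/dashboard', $assistant, $rules, $hierarchy)); // assistant has no admin role
var_dump(isPathGranted('/', decodeRolesColumn('[]'), $rules, $hierarchy));   // empty roles column from make:user
```

The last call shows why the empty roles column in the Symfony 4 question produces an access denial: with nothing in the column, no hierarchy entry applies and no access_control rule is satisfied.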

What is the best way to manage permission with ACL in Symfony 2?

I'm working in a project using Symfony 2. It is a complex project and requires a lot of security elements. I'm trying to create an ACL to give or revoke permission to the user, but I have a problem: I don't know how I can obtain the permissions for a user. I need the best way to manage ACL permissions.
I need the permission level from modules down to fields in the database, and to retrieve these permissions in the security module.
Now I have the system in 2 different databases; on one database I can't change anything, the other database contains all of my security tables and other things, but I need to give permissions in those databases.
I was thinking of creating an external interface to manage the ACL, but this would be the same as creating a replica of the Symfony 2 ACL.
What is the best way to manage permissions in the system using Symfony 2?
And
How can I check the permission on a field in the entity? I think the isGranted method in Twig isn't the best way because it would query the database for every field.
You need to assign roles to users; it is all described here: http://symfony.com/doc/current/book/security.html#roles
Once your roles are defined, you can use them in your access control list, or in any controller/template with the isGranted method. This is a SF2 best practice, and as far as I know there is no performance issue with the isGranted method.
You can do this in multiple ways. Inside an action in a controller:
    public function helloAction($name)
    {
        if (!$this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
            throw $this->createAccessDeniedException();
        }
        // ...
    }
Inside Twig:
    {% if is_granted('ROLE_ADMIN') %}
        Delete
    {% endif %}

Manage multiple roles with FosUserBundle symfony2

I am new to Symfony; I am using FOSUserBundle for user management. Now I want to do role management (managing roles in a separate table) with FOSUserBundle and need to give access to users according to the role assigned to them. Please suggest a good solution to achieve this functionality.
You can use user groups to set the needed roles for users, and check them with the isGranted('ROLE') method in a controller or in Twig templates.
You can check the documentation for the configuration of security.yml:
https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/index.md
Then, after specifying your ROLES there in the hierarchy, you can start giving access to specific roles in the access_control part of the security.yml configuration.
If for some reason you want to check in Twig or in the controller, there are also functions which allow you to check if the user is granted this or that role, with:
    $this->container->get('security.context')->isGranted('YOUR_CUSTOM_ROLE');
or in Twig:
    {% if is_granted('YOUR_CUSTOM_ROLE') %} {# show some custom data #} {% endif %}
You can add or remove roles from users also using:
    $user->removeRole('ROLE_ADMIN');
    $user->addRole('YOUR_CUSTOM_ROLE');
    $em->persist($user);
    $em->flush();
This is mostly what you will need the roles for in general: access_control configuration, Twig checks, controller checks and adding/removing roles.

before action in symfony2

I want to check whether a user is logged in before calling most of the methods in my web application. I don't know how to do that. I want something like before_filter in Ruby on Rails. I have checked the before filter in the Symfony2 documentation but it does not help me. I need a real-life example for the login.
This is the link I have checked. http://symfony.com/doc/current/cookbook/event_dispatcher/before_after_filters.html
There are a number of ways to handle access control in Symfony. The most basic is with URL matching, which is handy when you want to restrict access to a URL like /admin and anything that follows. This is configured in security.yml.
    # app/config/security.yml
    security:
        access_control:
            - { path: ^/admin, roles: ROLE_ADMIN }
This page shows the different ways to secure your application:
http://symfony.com/doc/current/book/security.html#access-control
There is even a way to secure any service even if it's not a controller:
http://symfony.com/doc/current/cookbook/security/securing_services.html