Manage multiple roles with FosUserBundle symfony2 - symfony

I am new to Symfony. I am using FOSUserBundle for user management, and now I want to do role management (managing roles with a separate table) with FOSUserBundle and need to give access to users as per the role assigned to them. Please suggest some good solution to achieve this functionality?

You can use user groups to set the needed roles for users, and check them with the isGranted('ROLE') method in a controller or in Twig templates.

You can check the documentation for the configuration of security.yml:
https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/index.md
Then, after specifying your ROLES there in the hierarchy, you can start giving access to specific roles in the access_control part of the security.yml configuration.
For some reason you may want to check in Twig or in the controller; there are also functions which allow you to check whether the user is granted this or that role:
$this->container->get('security.context')->isGranted('YOUR_CUSTOM_ROLE');
or in Twig:
{% if is_granted('YOUR_CUSTOM_ROLE') %}{# show some custom data #}{% endif %}
You can also add or remove roles from users using:
$user->removeRole('ROLE_ADMIN');
$user->addRole('YOUR_CUSTOM_ROLE');
$em->persist($user);
$em->flush();
This is mostly what you will need the roles for in general: access_control configuration, Twig checks, controller checks and adding/removing roles.
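The role hierarchy and access_control the answer refers to, written as an added example in Symfony's PHP config form (app/config/security.php, the equivalent of security.yml); this is not the answer's own code, and the paths and role names are assumed. The point it adds is rule ordering: access_control is evaluated top to bottom and the first matching path wins.

```php
<?php
// Added example (not from the answer above). Role and path names are assumed.
// PHP form of the security.yml hierarchy and access_control sections.
$container->loadFromExtension('security', [
    'role_hierarchy' => [
        // Each role inherits everything the roles listed for it have.
        'ROLE_MANAGER'     => ['ROLE_USER'],
        'ROLE_ADMIN'       => ['ROLE_MANAGER'],
        'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'],
    ],
    'access_control' => [
        // Rules are evaluated top to bottom and the FIRST matching path wins,
        // so the login page (anonymous) and the most specific paths come first.
        ['path' => '^/login$',      'roles' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
        ['path' => '^/admin/users', 'roles' => 'ROLE_SUPER_ADMIN'],
        ['path' => '^/admin',       'roles' => 'ROLE_ADMIN'],
        ['path' => '^/manage',      'roles' => ['ROLE_MANAGER', 'ROLE_ADMIN']],
        // Catch-all last: everything else needs a logged-in user. Placing it
        // first would shadow every rule below it and grant /admin to ROLE_USER.
        ['path' => '^/',            'roles' => 'ROLE_USER'],
    ],
]);
```

Paths are regular expressions, so anchoring with ^ matters: an unanchored 'admin' would also match /public/admin-guide.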

Related

How do i assign roles to a user fetched from my database in symfony 4?

I'm a newbie to Symfony 4.2 and trying to create an authentication form to access a back-end. I am not using FOSUserBundle.
So far I get an access denial because the user does not have admin permissions.
In my user table created with make:user, I have a column named "roles" which contains an empty array.
I guess it should contain something like 'ROLE_ADMIN', but I have no idea.
Any help is welcome. Thanks.
You should take a look at the official documentation: https://symfony.com/doc/current/security.html
The column roles is an array in Doctrine, so a serialized string in the database; you can fill this with:
a:1:{i:0;s:10:"ROLE_ADMIN";}
This way your user will have the admin role. Then you can manage the roles' access in your security.yml file, according to the documentation.

Sonata Admin - why to use admin checkAccess() and not isGranted()

I have a simple project which does not require complicated ACL. I created a custom action in my custom controller that extends CRUDController, where I check the access like this:
$this->admin->checkAccess('verify', $object);
In templates I check access like:
{% if admin.isGranted('VERIFY', object) %}
My admin user can have the roles ADMIN or SUPER_ADMIN.
Wouldn't it be better just to check the role instead:
$authorizationChecker->isGranted('SUPER_ADMIN');
{% if is_granted('SUPER_ADMIN') %}
What's the big deal about using admin for access control? For me, just checking if the user is ADMIN or SUPER_ADMIN seems much easier.
The reason you want it to go via the 'admin' and not straight to the AuthorizationChecker is the following:
Sonata will take into account its settings, as you can change the security strategy used by Sonata (noop vs. roles vs. acl vs. custom) without having to make changes to where you 'check' access.
Does this explanation make sense?

Symfony2: Roles, Users and Grants from Database

I'm beginning to use Symfony2 and I'm really enjoying it!
I have some questions which I'm sure you will help me with easily!
When we use the security layer, in the file security.yml we set the property access_control, usually something like this:
{Path: ^ / admin roles: ROLE_ADMIN}
Traditionally using PHP, for my access rules to the system I use these tables:
User - Users Table
Role - Roles Table
Resource - Resource Table
Permission - Grant Table
Where a User has a role, and a permission is related to a role and a resource. To check whether the user has access to a resource, check the permission table.
Bringing this to Symfony2, the property "path" would be a resource and ROLE_ADMIN would be the role of the user.
How do I make security.yml load the settings from the database? I searched the official documentation and found nothing.
For now, thanks.
Actually, the way to "read" the path (in the security.yml file) is:
- { path: ^/this/(path|regex|here)$, roles: [CAN_BE_ACCESSED_ONLY, BY_THESE_ROLES] }
Now, from where do you know which user has which role?
From wherever you load your users.
e.g.:
public function getRoles()
{
    return array('ROLE_USER');
}
Maybe you will find your answers here. It describes how to load users from the database:
How to Load Security Users from the Database (the Entity Provider)
I would recommend using FOSUserBundle. It is very easy to handle and helps you manage your security in Symfony2:
FOSUserBundle
Regards!

How to filter the instances of an entity that a user can see in Sonata Admin

I have an entity "Vehicle" which has a ManyToOne relation with another entity, "Department". I could set a "department" property on a user. I would like this user (who has the ROLE_DEPARTMENT_MANAGER role) to be able to see (list, create, delete, etc.) only the vehicles from his own department.
Using roles I could restrict access to specific actions. I think I should use ACL, but I am not sure how to do it and how Sonata Admin will behave.
I found a similar question here, but nobody has answered it: Sonata Admin Bundle filter show entity from role user
Would you tell me how to do it in Sonata Admin Bundle?
You can customize the query used to generate the list in your VehicleAdmin class:
http://sonata-project.org/bundles/admin/master/doc/reference/action_list.html#customizing-the-query-used-to-generate-the-list
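One way to do what the answer suggests, as an added example rather than the answer's own code: override the query hook the linked docs describe (createQuery() in the Sonata Admin 3.x series) so that a department manager's list only contains vehicles of their own department. It assumes setSecurity() is wired as a setter call in the admin's service definition, that ROLE_ADMIN is the unrestricted role, and that both the Vehicle and the User entity have a getDepartment() method.

```php
<?php
// Added example (not the answer's own code): restrict the Sonata list query to
// the current user's department. createQuery() is the hook the linked docs
// describe for the 3.x series; setSecurity() is assumed to be wired as a setter
// call in the admin's service definition, and getDepartment() on both the
// Vehicle and the User entity is assumed.
namespace App\Admin;

use Sonata\AdminBundle\Admin\AbstractAdmin;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

class VehicleAdmin extends AbstractAdmin
{
    /** @var TokenStorageInterface */
    private $tokenStorage;
    /** @var AuthorizationCheckerInterface */
    private $authChecker;

    public function setSecurity(TokenStorageInterface $tokenStorage, AuthorizationCheckerInterface $authChecker): void
    {
        $this->tokenStorage = $tokenStorage;
        $this->authChecker = $authChecker;
    }

    public function createQuery($context = 'list')
    {
        $query = parent::createQuery($context);

        // ROLE_ADMIN (assumed to be the unrestricted role) keeps the full list;
        // the framework checker is used here so role_hierarchy is honoured.
        if ($this->authChecker->isGranted('ROLE_ADMIN')) {
            return $query;
        }

        $user  = $this->tokenStorage->getToken()->getUser();
        $alias = $query->getRootAliases()[0];
        $query->andWhere($query->expr()->eq($alias . '.department', ':department'));
        // A manager without a department gets an empty list, never the full one.
        $query->setParameter('department', $user->getDepartment());

        return $query;
    }
}
```

Filtering the list does not by itself deny /show/{id} or /edit/{id} for a vehicle from another department; per-object access still needs a voter or an ACL-based security handler behind checkAccess(), as the Sonata answer above explains.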

How to make ACL, which can managed from web-interface (for example)?

There are ROLES and access_control, hardcoded in security.yml. But I want to have the ability to change the set of privileges given to certain roles, create new roles, and even give some role (which can be granted to a user who is not familiar with programming) the ability to do the same things.
Obviously, I must have the ability to manage roles and access control from a web interface. And for that, I must store the role names and the privileges belonging to each role in the database.
How can I do that?
Thanks for answering!
Yes, you can basically have any role you want; you just need to implement the interface Symfony\Component\Security\Core\User\UserInterface in your User entity and return the list of roles for that user in the getRoles() method.
If you haven't implemented the UserInterface in your User entity, check the Symfony 2 security documentation: http://symfony.com/doc/current/book/security.html#loading-users-from-the-database
And also the UserInterface API for the getRoles() method specification.
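The approach this answer describes, and what the first question on this page (roles kept in a separate table) asks for, as an added example that is not from any answer here: a User entity implementing UserInterface whose getRoles() is built from a ManyToMany Role table. Class, table and column names are assumed.

```php
<?php
// Added example, not from any answer on this page. Class, table and column
// names are assumed; roles live in their own table and are joined ManyToMany.
namespace App\Entity;

use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;

/** @ORM\Entity @ORM\Table(name="app_role") */
class Role
{
    /** @ORM\Id @ORM\Column(type="integer") @ORM\GeneratedValue */ private $id;
    /** @ORM\Column(type="string", length=50, unique=true) */ private $name;

    // Names must start with "ROLE_", otherwise Symfony's RoleVoter ignores them.
    public function __construct(string $name) { $this->name = $name; }
    public function getName(): string { return $this->name; }
}

/** @ORM\Entity @ORM\Table(name="app_user") */
class User implements UserInterface
{
    /** @ORM\Id @ORM\Column(type="integer") @ORM\GeneratedValue */ private $id;
    /** @ORM\Column(type="string", length=180, unique=true) */ private $username;
    /** @ORM\Column(type="string") */ private $password;
    /** @ORM\ManyToMany(targetEntity="Role") @ORM\JoinTable(name="app_user_role") */
    private $roles;

    public function __construct(string $username, string $encodedPassword)
    {
        $this->username = $username;
        $this->password = $encodedPassword;
        $this->roles = new ArrayCollection();
    }

    /** The security layer only needs role names; the Role entities stay in Doctrine. */
    public function getRoles(): array
    {
        $names = array_map(function (Role $r) { return $r->getName(); }, $this->roles->toArray());
        $names[] = 'ROLE_USER'; // baseline role every authenticated user keeps
        return array_values(array_unique($names));
    }

    public function addRole(Role $role): void { if (!$this->roles->contains($role)) { $this->roles->add($role); } }
    public function removeRole(Role $role): void { $this->roles->removeElement($role); }
    public function getUsername(): string { return $this->username; }
    public function getPassword(): string { return $this->password; }
    public function getSalt() { return null; } // bcrypt/argon2 encoders embed their own salt
    public function eraseCredentials(): void {}
}
```

The database decides which roles a user has, but access_control and role_hierarchy in security.yml still decide what those roles may do, so the web interface that edits the role table is itself privileged and should sit behind a high role such as ROLE_SUPER_ADMIN.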
