I use symfony2 and also I integrated FOSUserBundle. But, I see that user's roles are stored in an array. I want to add more types user's roles, and for every user it will correspond only a user role type.
For example for this problem I found this solution:
1) Create a table 'user_roles', where it can be find all user role types.
2) Between 'user' tabel and 'user_roles' tabel, it will exist a relation created by the 'role' field.
How can I do that using FOSUserBundle given that the 'user' tabel from FOSUserBundle has a 'role' field that keep an array of roles types.
Role management in FOSUserBundle is the same as Symfony. You can read the documentation here.
You define your roles in your security.yml in a hierarchical way.
Related
I'm a newbie to symfony 4.2. and trying to create an authentication form to access a back-end. I am not using FosUserBundle.
So far i have an a access denial due to that the user has not admin permissions.
in my user table created with make:user, i have a column named "roles" which contains an empty array.
I guess it should contain something like 'ROLE_ADMIN' but i have no idea.
Any help is welcome. Thanks
You should take a look to the official documentation : https://symfony.com/doc/current/security.html
The column roles is an array in Doctrine, so serialized string in database, you can fill this with :
a:1:{i:0;s:10:"ROLE_ADMIN";}
This way your user will have admin role. Then you can manager the roles access in your security.yml file, according to documentation.
I am new to symfony,i am using FosUserBundle for user management now i want to do role management (managing role with separate table) with FosUserBundle and need to give access to user as per role assigned to him/her. Please suggest some good solution to achieve this functionality?
You can use user groups for set needed role for users. And check it with isGranted('ROLE') method in controller or in twig templates
You can check the documentation for the configuration of security.yml :
https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/index.md
Then after specifying your ROLES there in the hierarchy you can start giving access to specific roles in the access_control part of the security.yml configuration.
For some reasons you will want to check in the twig or in the controller there are also some function which allow you to check if the user is granted this or that Role with :
$this->container->get('security.context')->isGranted('YOUR_CUSTOM_ROLE');
or twig :
{%if is_granted('YOUR_CUSTOM_ROLE')%} /* show some custom data */ {%endif%}
You can add or remove roles from Users also using :
$user->removeRole('ROLE_ADMIN');
$user->addRole('YOUR_CUSTOM_ROLE');
$em->persist($user);
$em->flush();
This is mostly what you will need the roles for in general, access_control configuration, Twig checks, Controller Checks and Add/Remove Roles.
I have an entity "Vehicles" which has ManyToOne connection with another entity - "Department". I could set "department" property to a user. I would like this user (who has ROLE_DEPARTMENT_MANAGER role), to be able to see (list, create, delete, etc.) only the vehicles from his own department.
When using Roles I could restrict access to specific actions. I think I should use ACL, but I am not sure how to do it and how Sonata Admin will behave.
I found similar question here, but nobody had answer it: Sonata Admin Bundle filter show entity from role user
Would you tell me how to do it in Sonata Admin Bundle.
You can customize the query used to generate the list in your VehicleAdmin class:
http://sonata-project.org/bundles/admin/master/doc/reference/action_list.html#customizing-the-query-used-to-generate-the-list
I'm working on a Symfony app that will have some basic roles that can be assigned to users. Note, I'm not using the FOSUserBundle because I don't need more than half the features in it.
I have my users defined in the database, but I'd like to keep the role definitions out of the database. But several examples and other tutorials I've found keep the roles in the database, and use a ManyToMany relationship to assign them to users. This seems odd to me, since the actual use of the roles is hardcoded into the app.
For example, if I have a custom role ROLE_EDITOR, I have several routes and controllers that I may restrict to ROLE_EDITOR. Why would I "define" this role in the database? That means when developing my application and I add a new user role, I have to either write a script to programmatically insert a new role into the DB or do it manually, before the code is deployed that makes use of the role. I don't want admins to be able to add/edit/delete roles. It should be a design decision done programmatically.
In Drupal, there's a concept of Roles and Permissions. You define permissions in code and check against those, and then roles are defined in the database and are assigned permissions. But it seems that Symfony just has the concept of Roles.
I'm hoping someone can fill in a missing piece of information for me or something. How can I implement a system where the role assignments are done in the database, but the roles themselves are managed via code only?
My instinct is to just create a single entity that relates to User and has a string field for the ROLE_NAME. But this seems to go against the paradigm of having a real Role entity.
I've got a custom user provider entity which permits me to connect the users. This custom user provider entity implements UserInterface in accordance to this interface I've got a "getRoles()" function which give me the user's roles.
But my roles are recursive.
Example: a user got a role1, the role1 inherited the role2 so the user has gotten the role1 and the role2. To make this recursivity I create a role table, a role_role table (parent/child), a user table and finally a user_role table.
To get ALL the user's roles I have to query my DB with Doctrine so from where can I do that ?
It seems to be forbidden to query from an entity and I can't put the query in entity repository classe because I can't overwrite the entity's "getRoles()" and it seems not to be a good idea to access the repository form entities.
P.-S.: thank you for your indulgence with my grammar, it's my first English message (I'm French).
There is no role hierarchy in DB in Symfony 2.x. It's configure in security.yml check out http://symfony.com/doc/current/book/security.html#hierarchical-roles .
If you don't want to use this feature straight from Symfony 2, you'll have to implement yourself a RoleVoter that get the roles hierarchy direct from the DB.
Another possibility is to use Doctrine Events Listeners ( http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/events.html ) to load the hierarchy from the DB. You'll probably need to listen to the postLoad event.
The solution is to use fully the Doctrine's ORM.
Add a collection variable in the User entity which reference all the UserRole linked to him with an ORM:
#ORM\OneToMany(targetEntity="RoleUser", mappedBy="user")
...
protected $roleUser;
In RoleUser entity add an ORM which permit to bind the User with the right RoleUser:
#ORM\ManyToOne(targetEntity="User", inversedBy="roleUser")
...
protected $user;
Now you can get all the UserRoles linked to the User.
To get the roles write the "sames" ORM between UserRole entity and Role and between RoleRole and Role. Finally you access to your roles from User by $rolesUtilisateur.