Recursive roles with custom user provider entity - symfony

I've got a custom user provider entity which permits me to connect the users. This custom user provider entity implements UserInterface; in accordance with this interface, I've got a "getRoles()" function which gives me the user's roles.
But my roles are recursive.
Example: a user has role1, and role1 inherits role2, so the user has role1 and role2. To implement this recursion I created a role table, a role_role table (parent/child), a user table and finally a user_role table.
To get ALL the user's roles I have to query my DB with Doctrine, so from where can I do that?
It seems to be forbidden to query from an entity, and I can't put the query in the entity repository class because I can't overwrite the entity's "getRoles()", and it seems not to be a good idea to access the repository from entities.
P.-S.: thank you for your indulgence with my grammar, it's my first English message (I'm French).

There is no role hierarchy in the DB in Symfony 2.x. It's configured in security.yml; check out http://symfony.com/doc/current/book/security.html#hierarchical-roles.
If you don't want to use this feature straight from Symfony 2, you'll have to implement a RoleVoter yourself that gets the role hierarchy directly from the DB.
Another possibility is to use Doctrine Events Listeners ( http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/events.html ) to load the hierarchy from the DB. You'll probably need to listen to the postLoad event.
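An added example (not part of the original answers) of the lookup a database-backed voter or user provider needs: it expands a user's directly assigned roles through the role_role parent/child rows and tolerates a cyclic row instead of looping forever. The function name, role names and sample rows are assumptions; loading the rows with Doctrine is left out.

```php
<?php
// Added example: plain PHP, no Symfony classes. All names are hypothetical.

/**
 * Expand directly assigned roles into every role reachable through
 * parent => children edges (the rows of a role_role table).
 *
 * @param string[]                $assigned roles from user_role
 * @param array<string, string[]> $children parent role => child roles
 * @return string[] sorted, de-duplicated role names
 */
function resolveRoles(array $assigned, array $children): array
{
    $seen  = [];          // role name => true; doubles as the cycle guard
    $stack = $assigned;   // iterative walk, so no recursion depth to exhaust

    while ($stack !== []) {
        $role = array_pop($stack);
        if (isset($seen[$role])) {
            continue;     // already expanded, or a cycle such as A -> B -> A
        }
        $seen[$role] = true;
        foreach ($children[$role] ?? [] as $child) {
            $stack[] = $child;
        }
    }

    $roles = array_keys($seen);
    sort($roles);
    return $roles;
}

// Constructed sample data standing in for the role_role table.
$roleRole = [
    'ROLE_ADMIN'   => ['ROLE_MANAGER'],
    'ROLE_MANAGER' => ['ROLE_USER', 'ROLE_REPORTS'],
    'ROLE_REPORTS' => ['ROLE_MANAGER'],   // bad row: points back at its parent
];

// A manager inherits the child roles but never the parent ROLE_ADMIN.
print_r(resolveRoles(['ROLE_MANAGER'], $roleRole));
// Edges are followed downward only, so ROLE_USER expands to itself.
print_r(resolveRoles(['ROLE_USER'], $roleRole));
```

Because the walk only follows parent-to-child edges, a stray row in role_role can widen access but a missing row can only narrow it, which makes that table worth the same write protection as user_role.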

The solution is to make full use of Doctrine's ORM.
Add a collection variable in the User entity which references all the UserRole entities linked to the user, with an ORM mapping:
@ORM\OneToMany(targetEntity="RoleUser", mappedBy="user")
...
protected $roleUser;
In the RoleUser entity, add an ORM mapping which binds the User to the right RoleUser:
@ORM\ManyToOne(targetEntity="User", inversedBy="roleUser")
...
protected $user;
Now you can get all the UserRoles linked to the User.
To get the roles, write the "same" ORM mappings between the UserRole entity and Role and between RoleRole and Role. Finally, you access your roles from User via $rolesUtilisateur.

Related

How do i assign roles to a user fetched from my database in symfony 4?

I'm a newbie to Symfony 4.2 and am trying to create an authentication form to access a back-end. I am not using FosUserBundle.
So far I have an access denial because the user does not have admin permissions.
In my user table created with make:user, I have a column named "roles" which contains an empty array.
I guess it should contain something like 'ROLE_ADMIN' but I have no idea.
Any help is welcome. Thanks
You should take a look at the official documentation: https://symfony.com/doc/current/security.html
The roles column is an array in Doctrine, so a serialized string in the database; you can fill it with:
a:1:{i:0;s:10:"ROLE_ADMIN";}
This way your user will have the admin role. Then you can manage role access in your security.yml file, according to the documentation.

Manage multiple roles with FosUserBundle symfony2

I am new to Symfony. I am using FosUserBundle for user management; now I want to do role management (managing roles with a separate table) with FosUserBundle and need to give access to a user as per the role assigned to him/her. Please suggest some good solution to achieve this functionality.
You can use user groups to set the needed roles for users, and check them with the isGranted('ROLE') method in the controller or in Twig templates.
You can check the documentation for the configuration of security.yml :
https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/index.md
Then after specifying your ROLES there in the hierarchy you can start giving access to specific roles in the access_control part of the security.yml configuration.
For some reasons you will want to check in Twig or in the controller; there are also some functions which allow you to check if the user is granted this or that role, with:
$this->container->get('security.context')->isGranted('YOUR_CUSTOM_ROLE');
or twig :
{% if is_granted('YOUR_CUSTOM_ROLE') %} {# show some custom data #} {% endif %}
You can add or remove roles from Users also using :
$user->removeRole('ROLE_ADMIN');
$user->addRole('YOUR_CUSTOM_ROLE');
$em->persist($user);
$em->flush();
This is mostly what you will need the roles for in general, access_control configuration, Twig checks, Controller Checks and Add/Remove Roles.

How to filter the instances of an entity that a user can see in Sonata Admin

I have an entity "Vehicles" which has a ManyToOne connection with another entity, "Department". I could set a "department" property on a user. I would like this user (who has the ROLE_DEPARTMENT_MANAGER role) to be able to see (list, create, delete, etc.) only the vehicles from his own department.
When using roles I could restrict access to specific actions. I think I should use ACL, but I am not sure how to do it and how Sonata Admin will behave.
I found a similar question here, but nobody had answered it: Sonata Admin Bundle filter show entity from role user
Would you tell me how to do it in Sonata Admin Bundle?
You can customize the query used to generate the list in your VehicleAdmin class:
http://sonata-project.org/bundles/admin/master/doc/reference/action_list.html#customizing-the-query-used-to-generate-the-list

FOSUserBundle how to add more user roles?

I use Symfony2 and I have also integrated FOSUserBundle. But I see that users' roles are stored in an array. I want to add more types of user roles, and each user will correspond to only one user role type.
For example, for this problem I found this solution:
1) Create a table 'user_roles', where all user role types can be found.
2) Between the 'user' table and the 'user_roles' table, there will be a relation created by the 'role' field.
How can I do that using FOSUserBundle, given that the 'user' table from FOSUserBundle has a 'role' field that keeps an array of role types?
Role management in FOSUserBundle is the same as Symfony. You can read the documentation here.
You define your roles in your security.yml in a hierarchical way.

How to make ACL, which can managed from web-interface (for example)?

There are ROLES and access_control, hardcoded in security.yml. But I wanna have the ability to change the set of privileges given to certain roles, create new roles, and even give some role (which can be granted to a user who is not familiar with programming) the ability to do the same things.
Obviously, I must have the ability to manage roles and access control from a web interface. And for that, I must store the role names, and the privileges for each role, in the database.
How can I do that?
Thanks for answering!
Yes, you can basically have any role you want; you just need to implement the interface Symfony\Component\Security\Core\User\UserInterface in your User entity and return the list of roles for that user in the getRoles() method.
If you haven't implemented the UserInterface in your User entity, check the Symfony 2 Security documentation: http://symfony.com/doc/current/book/security.html#loading-users-from-the-database
And also the UserInterface API for the getRoles() method specification.
