I would like to know how can i know if a user is granted when it's not the current user in twig.
I use this code for the current user:
{% if is_granted('ROLE_USER') %}
Delete
{% endif %}
But i would like to be able to do the same thing with ohter users that are not logged in at the moment.
Thank you.
Edit:
In fact i think there isn't a direct way with twig to test role of a user that is not authenticated.
So i did it directly in the twig template, test if a user is admin or not, then set var.
(in my question i was searching how to do in a list of users.)
{% set from_user_is_admin = false %}
{% for role in from_user.getRoles() %}
{% if role == 'ROLE_ADMIN' %}{% set from_user_admin = true %}{% endif %}
{% if role == 'ROLE_SUPER_ADMIN' %}{% set from_user_admin = true %}{% endif %}
{% endfor %}
{% if from_user_admin == false %}THIS USER IS NOT ADMIN{% endif %}
I think it would be much easier if you implemented an isGranted function in the User entity:
Class User implements UserInterface {
...
public function isGranted($role)
{
return in_array($role, $this->getRoles());
}
}
You can now easily check for granted roles in every layer of your application.
In PHP:
$user->isGranted("USER_ADMIN")
Or in Twig:
user.granted("USER_ADMIN")
If you need to check a role for the current user, you can do this in Twig:
app.user.granted("USER_ADMIN")
Note: the variable "app" is globally defined.
Note 2: this code may throw an exception if you use it outside the secured area of your app, since app.user would be NULL.
You can use similar statement to the above with "not" :
{% if not is_granted('ROLE_USER') %}
Delete
{% endif %}
or use else statement:
{% if is_granted('ROLE_USER') %}
Delete
{% else %}
{# something else for guest user, not logged in #}
{% endif %}
You should create either a twig macro, or a twig function.
Creating a macro is very simple, using your code:
{% macro admin_status(from_user) %}
{% set from_user_is_admin = false %}
{% for role in from_user.getRoles() %}
{% if role == 'ROLE_ADMIN' %}{% set from_user_admin = true %}{% endif %}
{% if role == 'ROLE_SUPER_ADMIN' %}{% set from_user_admin = true %}{% endif %}
{% endfor %}
{% if from_user_admin == false %}THIS USER IS NOT ADMIN{% endif %}
{% endmacro %}
You can then use it in the same file as {% _self.admin_status(user) %}. You may also move it to a separate file, and use twig's import tag to gain access to it.
Creating a twig function is a better option, for details see extending twig. It boils down to creating a regular function, that may be called from twig, so code like this becomes possible:
{% if user_is_admin(user) %}
You'll also need to read enabling custom twig extensions.
i did it this way, have this snippet in the global twig file, in my case layout.html.twig
{% set is_admin = false %}
{% if app.security.token.user.roles is iterable %}
{% for role in app.security.token.user.roles %}
{% if role == 'ROLE_ADMIN' or role == 'ROLE_SUPER_ADMIN' %}
{% set is_admin = true %}
{% endif %}
{% endfor %}
{% endif %}
then i can use anywhere
{% if is_admin %}....{% endif %}
Related
In Symfony 4, I have a couple of different roles. I have a view in Twig which shows a user list. Users can have multiple roles. In the list, I want to show some text if a user has a role "MANAGER". Showing all roles is done with:
{% for role in user.roles %}
{{ role }}
{% endfor %}
Now if the user has the role "MANAGER" I want to show some text. I tried:
{% for role in user.roles %}
{% if (role is "MANAGER") %}
Show some text.
{% endif %}
{% endfor %}
but this returns the error
Unexpected token "string" of value "MANAGER" ("name" expected).
Same error is shown when I use {% if is "MANAGER") %} and when I use {% if "MANAGER") %} for some reason Show some text. is shown for every role the user has, no matter which role that is. What am I doing wrong?
As an answer to your self posted answer: a single role is not an array, the containment operator (see https://twig.symfony.com/doc/2.x/templates.html#containment-operator) supports checks for substrings as well, that's what happening here.
So you check works, but might have false-positives if you have for example a role "MINI_MANAGER", e.g.
{% set role = "MINI_MANAGER" %}
{% if "MANAGER" in role %}
Some text here.
{% endif %}
will also output "Some text here.". So the better solution would be:
{% for role in user.roles %}
{% if role == "MANAGER" %}
Some text here.
{% endif %}
{% endfor %}
This could still lead to problems when role is the boolean value "true" (that is not a Twig problem, but normal PHP behavior), so you can also have a look into the "same as" test, see https://twig.symfony.com/doc/2.x/tests/sameas.html
{% for role in user.roles %}
{% if role is same as("MANAGER") %}
Some text here.
{% endif %}
{% endfor %}
So it seems I have figured it out. It seems every single role is in fact an array, so you have to check for the value within the array like this:
{% for role in user.roles %}
{% if "MANAGER" in role %}
Some text here.
{% endif %}
{% endfor %}
I am still not sure why a single role is an array though, but there surely is a reason for that.
What about this?
{% if is_granted('ROLE_MANAGER') %}
Some text here
{% endif %}
Source: Symfony2 security functions in Twig? How to check the user's role?
See also Symfony Doc
Roles: When a user logs in, they receive a set of roles (e.g.
ROLE_ADMIN).
I have different layouts depending on the user. This triggers the following error:
"Multiple extends tags are forbidden". How can I manage to use different layouts depending on the role of the user?
{% if is_granted('ROLE_USER_ONE') %}
{% extends "AcmeUserBundle::layout_user_one.html.twig" %}
{% elseif is_granted('ROLE_USER_TWO') %}
{% extends "AcmeUserBundle::layout_user_two.html.twig" %}
{% endif %}
EDIT
Here is the answer. I will use the case of 3 users in case people wonder how to do this. In this case admin has also userOne and userTwo privileges in case someone wonders about the else statement. I use Conditional Inheritance in this case, but as suggested in one of the answer, Dynamic Inheritance might be more readable.
{% set admin = false %}
{% set userOne = false %}
{% set userTwo = false %}
{% if is_granted('ROLE_ADMIN') %}
{% set admin = true %}
{% else %}
{% if is_granted('ROLE_USER_ONE') %}
{% set userOne = true %}
{% elseif is_granted('ROLE_USER_TWO') %}
{% set userTwo = true %}
{% endif %}
{% endif %}
{% extends admin ? "AcmeUserBundle::layout_admin.html.twig" : userTwo ? "AcmeUserBundle::layout_user_two.html.twig" : "AcmeUserBundle::layout_user_one.html.twig" %}
Check out the Conditional Inheritance section in the docs.
If you need more than two options, see the Dynamic Inheritance section:
{% set parent = 'defaultLayout.html.twig' %}
{% if is_granted('ROLE_USER') %}
{% set parent = 'userLayout.html.twig' %}
{% elseif is_granted('ROLE_ADMIN') %}
{% set parent = 'adminLayout.html.twig' %}
{% endif %}
{% extends parent %}
You should have two different templates
#user_one.html.twig
{% extends "AcmeUserBundle::layout_user_one.html.twig" %}
and
#user_two.html.twig
{% extends "AcmeUserBundle::layout_user_two.html.twig" %}
Then you should have one "entry" point - some user.html.twig, in which you'll decide:
#user.html.twig
{% if is_granted('ROLE_USER_ONE') %}
{% include "AcmeUserBundle::user_one.html.twig" %}
{% elseif is_granted('ROLE_USER_TWO') %}
{% include "AcmeUserBundle::user_two.html.twig" %}
{% endif %}
I want to theme my form so that the field's label show the current locale, something like
Name (en) :
So I would like to rewrite block generic_label like that :
{# form_theme.html.twig #}
{% block generic_label %}
{% spaceless %}
{% if required %}
{% set attr = attr|merge({'class': attr.class|default('') ~ ' required'}) %}
{% endif %}
<label{% for attrname,attrvalue in attr %} {{attrname}}="{{attrvalue}}"{% endfor %}>{{ label|trans }} (app.session.locale)</label>
{% endspaceless %}
{% endblock %}
and import it in my template :
{% form_theme options 'myBundle:Object:form_theme.html.twig' %}
but the app variable is not accessible in the form template.
How can I pass a variable to a form theme ?
In current version of twig (as for 2016) it is possible.
In your template use the following like this:
{{ form_row(form.content, {'testvar' : 'this is test variable'}) }}
Then, in your theme file, just use:
{{testvar}}
of course instead of form.content you will use the field name you need.
Cheers,
Chris
You need to create a form extension in order to get it done. Take a look at
http://toni.uebernickel.info/2011/11/25/how-to-extend-form-fields-in-symfony2.html
to learn how to create the extension.
To have access to session locale, make sure to inject the container. After that you'll be able to get any var value you want.
If the app variable is not available in the form theme it may be a bug. I suggest you create a ticket.
In the meantime you can use the current template as a theme. Something like...
{% form_theme form _self %}
{% block field_label %}
{% set attr = attr|merge({ 'for': id }) %}
{% if required %}
{% set attr = attr|merge({ 'class': attr.class|default('') ~ ' required' }) %}
{% endif %}
<label{% for attrname, attrvalue in attr %} {{ attrname }}="{{ attrvalue }}"{% endfor %}>{{ label|trans }} ({{ app.session.locale }})</label>
{% endblock %}
If you are using Symfony master (2.1) replace app.session.locale with app.request.locale.
I am implementing an alphabetical search.
We display a table of Names. I want to highlight only those alphabets, which have names that begin with the corresponding alphabet.
I am stumped with a simple problem.
How to read the first character in the string user.name within twig.
I have tried several strategies, including the [0] operation but it throws an exception.
Here is the code
{% for i in ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','0-9'] %}
{% set has_user_starting_with_alphabet = false %}
{% for user in pagination %}
{% if user.name[0]|lower == i %}
{% set has_user_starting_with_alphabet = true %}
{% endif %}
{% endfor %}
{% if has_user_starting_with_alphabet %}
<li><span>{{ i }}</span></li>
{% endif %}
{% endfor %}
Is there some function like "starts_with" in twig?
Since twig 1.12.2 you can use first:
{% if user.name|first|lower == i %}
For older version you can use slice:
{% if user.name|slice(0, 1)|lower == i %}
Note: You may also use this notation:
{% if user.name[:1]|lower == i %}
In an application built with Symfony2 we want superadmins to be able to impersonate other users. This is easily done by giving the superadmin user the ROLE_ALLOWED_TO_SWITCH role. The switching is implemented with a call to "somewhere?_switch_user=" as suggesed in the reference documentation.
The problem however, is to detect in a template if the current user is actually impersonated so as to print a link to "somewhere?_switch_user=_exit" on the page, thus enabling the impersonating user to return to her real user.
I haven't been using Symfony2 for a while so I'm not sure, but when you switch to another user you gain all roles assigned to that user and one extra role: ROLE_PREVIOUS_ADMIN. So I guess all you need to do is to use voter to check whether such a role is assigned to the current user using voter.
// Twig
{% if is_granted('ROLE_PREVIOUS_ADMIN') %}
EXIT
{% endif %}
// PHP
<?php if ($view['security']->isGranted('ROLE_PREVIOUS_ADMIN')): ?>
EXIT
<?php endif ?>
An example of how to get more details about the impersonator:
use Symfony\Component\Security\Core\Role\SwitchUserRole;
$sec = $this->get('security.context');
if($sec->isGranted('ROLE_PREVIOUS_ADMIN')) {
foreach($sec->getToken()->getRoles() as $role) {
if ($role instanceof SwitchUserRole) {
$admin_user = $role->getSource()->getUser();
}
}
}
You then have admin_user as the original user object. Remember to use the SwitchUserRole.
An example of how to display impersonator in twig:
{% if is_granted('ROLE_PREVIOUS_ADMIN') %}
{% for role in app.security.token.roles %}
{% if role.role == 'ROLE_PREVIOUS_ADMIN' %}
{{ role.source.user.username }}
{% endif %}
{% endfor %}
{% endif %}
If you need to test role from the previous admin user :
Working on Symfony 3.4
{% if is_granted('ROLE_PREVIOUS_ADMIN') %}
{% for role in app.token.roles %}
{% if role.role == 'ROLE_PREVIOUS_ADMIN' %}
{% for role_from_previous in role.source.roles if role_from_previous.role == "ROLE_DELETE" %}
{{ role.source.user.username }} has "ROLE_DELETE"
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}