Geek Answers Handbook

How to make permission system using Symfony 2?

general description

The system should process many elements organized into nested categories (see a visual example below), providing clients with the ability to define permission rules (see permission rules below). It should also handle various general permissions that are independent of any elements (for example, โ€œcan I view a specific page?โ€ Or โ€œcan invite new members?โ€).

All users are organized in groups. Each user has a primary group to which he belongs, but he may also have additional additional groups.

Several users can be configured as super admins, and they should be allowed to do something.

When deciding whether the user is allowed to do something, the inheritance of permissions is as follows:

  • Start with Group Permissions
  • Allow all permissions allowed by any of the additional user groups
  • If defined, check user permissions (allow or deny, regardless of the above). User permissions should not be defined, if they are not defined, the user simply inherits the permission from group permissions

When determining group permission, the client can use inheritance to say something like:

  • Users are allowed ...
  • Editors have all user permissions + ...
  • Moderators have all the permissions of the editors + ... - ...
  • +

.. 10 , /, , , , , .

(, , , ..), .

(, , ), (, , , , ..) , ( , URL, , , ), php script.

. .

:

Category 1
   Nested Category A
      item x
   Nested Category B
      Deeply Nested Category
         item w
      item y
Category 2
   item z

, , : (, , )

:

id | title  | owner_id | category_id
====================================
1  | item x | 2        | 3
2  | item y | 1        | 4
3  | item z | 3        | 2
4  | item w | 1        | 5

:

id | parents | title
=====================================
1  | null    | Category 1
2  | null    | Category 2
3  | 1       | Nested Category A
4  | 1       | Nested Category B
5  | 1/4     | Deeply Nested Category

:

id | name | group | all_groups | is_super_admin
===============================================
1  | Tony | 5     | 5          | 1
2  | John | 5     | 5,8,6      | 0
3  | Mike | 4     | 4,7        | 0
4  | Ryan | 6     | 6          | 0

- , .

  • 5 ()
  • "" " 1" .
  • , , admin.

, , .

symfony, stackoverflow .. acls, .

, - , , . , ( , , , ), , (. ), (, , ). , , , .

, โ€‹โ€‹, , symfony . , , .

+5
1

, , Symfony 2.3+, .

, SecurityVoters.

, .

$this->get('security.authorization_checker')->isGranted('update',$post);

, Post (. ), (, ), , ( tule )

, .

, , .

, hierarhy

SecurityComponent

+1

More articles:


All Articles