Symfony2: Access Control Best Practices

I am trying to find a good way to handle my access controls in Symfony2.

My requirements:

  • 90% of my application is only available to authenticated users.
  • In many controllers I need to check if the user is the owner.
  • There are also some differences for different user roles.

What I have already done:

  • installed JMSSecurityExtraBundle to check permissions via annotation
  • specific global ace for my entity classes
  • I create an ace for the owner for each object in the creation process

Verifying ownership and role is not a problem. I just want to determine globally that the user must be authenticated, with exceptions (sites that can be accessed anonymously). I want to define this separation (best through annotations). I do not want to do this with a routing pattern.

+4
2 answers

I'm not sure if this is what you are looking for, but have you tried an event listener?

You can do your check in the onKernelController method. Then you can create various interfaces and check the type of your controller in the listener.

0
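The listener approach from this answer, written out as an added example (not code from the question or the answer): a `kernel.controller` listener that denies anonymous access by default and lets a controller opt out by implementing a marker interface. `AllowAnonymousInterface`, the namespace and the service name are assumptions; the Symfony 2 classes and the `security.context` service are real.

```php
<?php
namespace Acme\SecurityBundle\EventListener;

use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

// Assumed marker interface: controllers reachable anonymously implement it
// (the login controller must, or nobody can ever log in).
interface AllowAnonymousInterface {}

class RequireAuthenticationListener
{
    private $securityContext;

    public function __construct(SecurityContextInterface $securityContext)
    {
        $this->securityContext = $securityContext;
    }

    public function onKernelController(FilterControllerEvent $event)
    {
        // Only guard master requests: sub-requests (render(), the exception
        // controller that renders the 403/redirect page) must stay reachable.
        if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
            return;
        }

        // Symfony resolves class-based controllers to array($object, 'method');
        // closures have no class to inspect, so they are left alone here.
        $controller = $event->getController();
        if (!is_array($controller) || $controller[0] instanceof AllowAnonymousInterface) {
            return;
        }

        // Deny by default. Requires the route to be inside a firewall with
        // "anonymous: ~", otherwise there is no token and isGranted() throws.
        // IS_AUTHENTICATED_FULLY would additionally reject remember-me logins.
        if (!$this->securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
            throw new AccessDeniedException('Authentication required.');
        }
    }
}

// Assumed services.yml registration:
//   acme.require_authentication_listener:
//     class: Acme\SecurityBundle\EventListener\RequireAuthenticationListener
//     arguments: ["@security.context"]
//     tags:
//       - { name: kernel.event_listener, event: kernel.controller, method: onKernelController }
```

The thrown `AccessDeniedException` is picked up by the firewall's exception listener, which redirects anonymous users to the login entry point and returns 403 to authenticated ones; an annotation-based opt-out could replace the interface check by reading the controller method's annotations with Doctrine's `AnnotationReader`.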

```php
<?php
use Doctrine\Common\EventSubscriber;
use Doctrine\ORM\Events;
use Doctrine\ORM\Event\LifecycleEventArgs;
use Doctrine\ORM\Event\LoadClassMetadataEventArgs;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;

class AceBuilderListener implements EventSubscriber
{
    private $container;

    public function setContainer($container)
    {
        $this->container = $container; // original had the typo "$his"
    }

    public function getSubscribedEvents()
    {
        return array(
            Events::prePersist,
            Events::preUpdate,
            Events::preRemove,
            Events::postPersist,
            Events::postUpdate,
            Events::postRemove,
            Events::loadClassMetadata,
        );
    }

    // Each lifecycle callback receives the event args; the entity is read from
    // them (the original used an undefined $entity variable).
    public function prePersist(LifecycleEventArgs $args)
    {
        echo get_class($args->getEntity());
    }

    public function preUpdate(LifecycleEventArgs $args)
    {
        echo get_class($args->getEntity());
    }

    public function preRemove(LifecycleEventArgs $args)
    {
        echo get_class($args->getEntity());
    }

    public function postPersist(LifecycleEventArgs $args)
    {
        echo get_class($args->getEntity());
    }

    public function postUpdate(LifecycleEventArgs $args)
    {
        $entity = $args->getEntity();
        $entityManager = $args->getEntityManager();
        echo get_class($entity);

        // perhaps you only want to act on some "Product" entity
        // (Product is the poster's own entity class; "| x" removed from the test)
        if ($entity instanceof Product) {
            // ... do something with the Product
        }
    }

    public function postRemove(LifecycleEventArgs $args)
    {
        die(get_class($args->getEntity()));
    }

    public function loadClassMetadata(LoadClassMetadataEventArgs $args)
    {
        $classMetadata = $args->getClassMetadata();
        $entityManager = $args->getEntityManager();
        $user = $this->container->get('security.context')->getToken()->getUser();

        // you can check here if isGranted();
        // only the mapped class is known at this point, not an instance, so the
        // check has to use a class-scope object identity for the entity class
        $classIdentity = new ObjectIdentity('class', $classMetadata->getName());
        $this->container->get('security.context')->isGranted('EDIT', $classIdentity);
    }
}
```

0