Search by 
ggbb / symfony-user-permission
The permissions system for users in symfony
v0.0.1
2024-11-15 05:55 UTC
Requires
- php: >=8.1
- doctrine/doctrine-bundle: ^2.10
- doctrine/doctrine-migrations-bundle: ^3.2
- doctrine/orm: ^2.15
- symfony/framework-bundle: ^6.3 || ^7.0
- symfony/security-bundle: ^6.3 || ^7.0
- symfony/yaml: ^6.3 || ^7.0
Requires (Dev)
Conflicts
- symfony/config: <6.4
- symfony/dependency-injection: <6.4
README
This bundle extends the capabilities of the standard Symfony security mechanism by adding custom access rights for roles.
Installation
Installation from composer
composer require ggbb/symfony-user-permission
config/packages/ggbb_user_permission.yaml
ggbb_user_permission: entity: user: App\Entity\User user_role: App\Entity\UserRole mapping: permissions_dir: '%kernel.project_dir%/src/Permission' namespace: App\Permission
config/packages/security.yaml
security: providers: users: id: ggbb.user_permission.user_provider access_decision_manager: strategy: unanimous # ...
.../UserRepository.php
class UserRepository extends ServiceEntityRepository implements PasswordUpgraderInterface, UserLoaderInterface { use UserRoleUserLoaderTrait; ... }
.../User.php
class User implements UserInterface, UserRoleFieldInterface { use GetRolesMethodTrait; ... }
.../UserRole.php
namespace App\Entity; #[ORM\Entity(repositoryClass: UserRoleRepository::class)] class UserRole implements UserRoleInterface { use RoleFieldTrait; use RolePermissionFieldTrait; ... }
Using
Creating and assigning default roles for users
php bin/console role:create-default-user-role
Application in the controller
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\HttpFoundation\Response; class YourController extends AbstractController { public function yourAction(): Response { if ($this->isGranted('ROLE_ADMIN')) { // ... } $object = ...; if ($this->isGranted('EDIT', $object)) { // ... } return new Response('...'); } }
Usage in the api-platform
#[Patch(
security: "is_granted('PostPermission::EDIT') or is_granted('PostPermission::MY_EDIT', object.getAddedByUser())",
)]
class Post
{
// ...
}
Creating permissions
.../src/Permission/MyPermission.php
<?php namespace App\Permission; use Ggbb\SymfonyUserPermissionBundle\Permission\AbstractPermission; class PostPermission extends AbstractPermission { public const VIEW = 'PostPermission::VIEW'; public const ADD = 'PostPermission::ADD'; public const EDIT = 'PostPermission::EDIT'; public const MY_EDIT = 'PostPermission::MY_EDIT'; public const DELETE = 'PostPermission::DELETE'; public function getPermissions(): array { return [ self::VIEW => [ 'title' => 'Просмотр всех объектов', ], self::ADD => [ 'title' => 'Добавить объект', ], self::EDIT => [ 'title' => 'Отредактировать все объекты', ], self::DELETE => [ 'title' => 'Удалить все объекты', ], ]; } public function getName(): string { return 'Объекты'; } }