guilro/protection-proxy-bundle

Protection proxy generator for Symfony2

0.1.4 2014-02-28 14:34 UTC

README

Current version : 0.1.4

Installation

Add this bundle to your composer.json file:

{
    "require": {
        "guilro/protection-proxy-bundle": "0.1.*"
    }
}

Register the bundle in app/AppKernel.php:

<?php

// app/AppKernel.php
public function registerBundles()
{
    return array(
        // ...
        new Guilro\ProtectionProxyBundle\GuilroProtectionProxyBundle(),
    );
}

Usage

You have to configure the protected classes and methods (for the moment in config.yml).

# app/config/config.yml

guilro_protection_proxy:
    caching: true # optional, defaults to false
    protected_classes:
        Acme\BlogBundle\Entity\Comment:
            methods:
                getTitle:
                    attribute: ROLE_USER # can be a role, or any attribute that a voter can handle
                    deny_value: Title hidden ! # optional, by default null is returned on deny
                getAuthor:
                    expression: '"ROLE_ADMIN" in roles or (user and user.isSuperAdmin())'
                    return_proxy: true

Typical usage in your controllers and views:

$comment = $em->getRepository('AcmeBlogBundle:Comment')->find(342);

$proxyManager = $this->get('guilro.protection_proxy');

$commentProxy = $proxyManager->getProxy($comment);

$this->render(
    'AcmeBlogBundle:Comment:show.twig.html',
    array('comment' => $commentProxy)
);

  • If 'attribute' is set, then when using the generated proxy, the original methods getTitle() and getAuthor() of $comment will only be executed if $securityContext->isGranted('attribute', $comment) returns true.
  • If 'expression' is set, then when using the generated proxy, the original methods will only be executed if $securityContext->isGranted(new Expression($expression), $comment) returns true.
  • If both are set, both tests are performed.
  • If $securityContext->isGranted() returns false, the original method will not be executed. The proxy returns null, or deny_value if set.
  • If the original method returns an object of a protected class, the proxy returns either the raw object or its protected proxy, depending on the return_proxy setting. The default for this setting is false.

If you use attributes other than roles, you should probably implement your own Voter in order to grant or deny access to users.
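
A sketch of such a voter, added here as an example and not part of the bundle. The namespace, the CommentVoter class and the COMMENT_VIEW_TITLE attribute are hypothetical; it assumes the Symfony 2.x VoterInterface and that getAuthor() returns the user object that wrote the comment.

```php
<?php
// Added example (not the bundle's code). Hypothetical: namespace, class name,
// COMMENT_VIEW_TITLE. Assumed: Comment::getAuthor() returns a UserInterface.
namespace Acme\BlogBundle\Security;

use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
use Symfony\Component\Security\Core\User\UserInterface;

class CommentVoter implements VoterInterface
{
    const VIEW_TITLE = 'COMMENT_VIEW_TITLE';

    public function supportsAttribute($attribute)
    {
        return $attribute === self::VIEW_TITLE;
    }

    public function supportsClass($class)
    {
        $protected = 'Acme\BlogBundle\Entity\Comment';
        // Subclass check so Doctrine-generated entity proxies are covered too.
        return $class === $protected || is_subclass_of($class, $protected);
    }

    public function vote(TokenInterface $token, $object, array $attributes)
    {
        // Abstain on objects that are not ours so other voters decide.
        if (!is_object($object) || !$this->supportsClass(get_class($object))) {
            return self::ACCESS_ABSTAIN;
        }
        foreach ($attributes as $attribute) {
            if (!$this->supportsAttribute($attribute)) {
                continue;
            }
            $user = $token->getUser();
            // Fail closed: an anonymous token carries a string, not a user object.
            if (!$user instanceof UserInterface) {
                return self::ACCESS_DENIED;
            }
            // The voter receives the raw $comment, so getAuthor() is not proxied here.
            $author = $object->getAuthor();
            $isAuthor = $author instanceof UserInterface
                && $author->getUsername() === $user->getUsername();
            return $isAuthor ? self::ACCESS_GRANTED : self::ACCESS_DENIED;
        }
        return self::ACCESS_ABSTAIN;
    }
}
```

Register the class as a service tagged security.voter, then set attribute: COMMENT_VIEW_TITLE on the protected method in config.yml.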