Users

.env

@@ -34,3 +34,5 @@ CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
 ###< nelmio/cors-bundle ###
 
 DEFAULT_LOCALE=en
+
+SITE_TITLE="RPA Process Overview"

CHANGELOG.md

@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+* [PR-8](https://github.com/itk-dev/rpa-process-overview/pull/8)
+  Added users and security and form based login
 * [PR-5](https://github.com/itk-dev/rpa-process-overview/pull/5)
   Added multi-step form hacks
 * [PR-7](https://github.com/itk-dev/rpa-process-overview/pull/7)

README.md

@@ -70,3 +70,13 @@ curl -H "Origin: http://127.0.0.1:3000/ProcessOverview?page=3" \
     -X OPTIONS --verbose \
     "http://$(task --silent compose -- port nginx 8080)/group/1/overview/1/data"
 ```
+
+## User management
+
+We have a number of commands for managing users. Run
+
+``` shell
+task console -- list app:user
+```
+
+to see the list of user related commands.

composer.json

@@ -13,6 +13,7 @@
         "easycorp/easyadmin-bundle": "^4.25.1",
         "league/uri-components": "^7.5.1",
         "runtime/frankenphp-symfony": "^0.2.0",
+        "stof/doctrine-extensions-bundle": "^1.14",
         "symfony/asset": "~7.3.0",
         "symfony/asset-mapper": "~7.3.4",
         "symfony/console": "~7.3.4",
@@ -21,6 +22,7 @@
         "symfony/framework-bundle": "~7.3.4",
         "symfony/mercure-bundle": "^0.3.9",
         "symfony/runtime": "~7.3.4",
+        "symfony/security-bundle": "~7.3.0",
         "symfony/translation": "~7.3.4",
         "symfony/twig-bundle": "~7.3.4",
         "symfony/yaml": "~7.3.3",

config/bundles.php

@@ -18,4 +18,5 @@
     Nelmio\CorsBundle\NelmioCorsBundle::class => ['dev' => true],
     Symfony\Bundle\DebugBundle\DebugBundle::class => ['dev' => true],
     Symfonycasts\TailwindBundle\SymfonycastsTailwindBundle::class => ['all' => true],
+    Stof\DoctrineExtensionsBundle\StofDoctrineExtensionsBundle::class => ['all' => true],
 ];

config/packages/security.yaml

@@ -4,14 +4,26 @@ security:
         Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
     # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
     providers:
-        users_in_memory: { memory: null }
+        # used to reload user from session & other features (e.g. switch_user)
+        app_user_provider:
+            entity:
+                class: App\Entity\User
+                property: email
     firewalls:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
         main:
             lazy: true
-            provider: users_in_memory
+            provider: app_user_provider
+            form_login:
+                login_path: app_login
+                check_path: app_login
+                enable_csrf: true
+            logout:
+                path: app_logout
+                # where to redirect after logout
+                # target: app_any_route
 
             # activate different ways to authenticate
             # https://symfony.com/doc/current/security.html#the-firewall
@@ -22,8 +34,9 @@ security:
     # Easy way to control access for large sections of your site
     # Note: Only the *first* access control that matches will be used
     access_control:
-        # - { path: ^/admin, roles: ROLE_ADMIN }
-        # - { path: ^/profile, roles: ROLE_USER }
+        - { path: ^/admin, roles: ROLE_ADMIN }
+        - { path: ^/login, roles: PUBLIC_ACCESS }
+        - { path: ^/, roles: ROLE_USER }
 
 when@test:
     security:

config/packages/stof_doctrine_extensions.yaml

@@ -0,0 +1,8 @@
+# Read the documentation: https://symfony.com/doc/current/bundles/StofDoctrineExtensionsBundle/index.html
+# See the official DoctrineExtensions documentation for more details: https://github.com/doctrine-extensions/DoctrineExtensions/tree/main/doc
+stof_doctrine_extensions:
+    default_locale: '%env(DEFAULT_LOCALE)%'
+    orm:
+        default:
+            blameable: true
+            timestampable: true

config/packages/twig.yaml

@@ -1,5 +1,7 @@
 twig:
     file_name_pattern: '*.twig'
+    globals:
+        site_title: '%site_title%'
 
 when@test:
     twig:

config/services.yaml

@@ -4,6 +4,7 @@
 # Put parameters here that don't need to change on each machine where the app is deployed
 # https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
 parameters:
+    site_title: '%env(SITE_TITLE)%'
 
 services:
     # default configuration for services in *this* file
@@ -18,3 +19,8 @@ services:
 
     # add more service definitions when explicit configuration is needed
     # please note that last definitions always *replace* previous ones
+
+    App\Controller\SecurityController:
+        arguments:
+            $options:
+                page_title: '%site_title%'

fixtures/user.yaml

@@ -0,0 +1,12 @@
+App\Entity\User:
+  admin:
+    email: admin@example.com
+    password: '<password(@self, "admin")>'
+    roles:
+      - ROLE_ADMIN
+
+  user:
+    email: user@example.com
+    password: '<password(@self, "password")>'
+    roles:
+      - ROLE_USER