Current version: 0.1.4
Add this bundle to your composer.json file:

```json
{
    "require": {
        "guilro/protection-proxy-bundle": "0.1.*"
    }
}
```
Register the bundle in app/AppKernel.php:

```php
<?php
// app/AppKernel.php
public function registerBundles()
{
    return array(
        // ...
        new Guilro\ProtectionProxyBundle\GuilroProtectionProxyBundle(),
    );
}
```
You have to configure the protected classes and methods (for the moment in config.yml).
```yaml
# app/config/config.yml
guilro_protection_proxy:
    caching: true # optional, defaults to false
    protected_classes:
        Acme\BlogBundle\Entity\Comment:
            methods:
                getTitle:
                    attribute: ROLE_USER # can be a role, or any attribute that a voter can handle
                    deny_value: Title hidden ! # optional setting, default will return null on deny
                getAuthor:
                    expression: '"ROLE_ADMIN" in roles or (user and user.isSuperAdmin())'
                    return_proxy: true
```
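Typical usage in your controllers and views:

```php
// Load the entity as usual
$em = $this->getDoctrine()->getManager();
$comment = $em->getRepository('AcmeBlogBundle:Comment')->find(342);

// Wrap it in a protection proxy and hand only the proxy to the view
$proxyManager = $this->get('guilro.protection_proxy');
$commentProxy = $proxyManager->getProxy($comment);
$this->render(
    'AcmeBlogBundle:Comment:show.twig.html',
    array('comment' => $commentProxy)
);
```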
- If `attribute` is set, then when using the generated proxy, the original methods `getTitle()` and `setAuthor()` of `$comment` will only actually be executed if `$securityContext->isGranted('attribute', $comment)` returns `true`.
- If `expression` is set, then when using the generated proxy, the original methods will only actually be executed if `$securityContext->isGranted(new Expression($expression), $comment)` returns `true`.
- If both are set, both tests are performed.
- If `$securityContext->isGranted()` returns false, the original method will not be executed. It will return `null`, or `deny_value` if set.
- If the original method returns an object of a protected class, it will return the raw object or its protected proxy depending on the `return_proxy` setting. The default for this setting is `false`.
If you use attributes other than roles, you should probably implement your own Voter to decide whether to grant access to users.
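
A sketch of such a voter, as an added example that is not part of this bundle's code. It assumes the Symfony 2 `VoterInterface` API (matching the `$securityContext` calls above), a hypothetical attribute `COMMENT_VIEW_TITLE` used in place of `ROLE_USER` under `getTitle`, a hypothetical class name and path, and that `Comment::getAuthor()` returns the authoring user object.

```php
<?php
// src/Acme/BlogBundle/Security/CommentTitleVoter.php (hypothetical path and class name)
namespace Acme\BlogBundle\Security;

use Acme\BlogBundle\Entity\Comment;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
use Symfony\Component\Security\Core\User\UserInterface;

class CommentTitleVoter implements VoterInterface
{
    // Hypothetical attribute; it would be the `attribute` value in config.yml.
    const VIEW_TITLE = 'COMMENT_VIEW_TITLE';

    public function supportsAttribute($attribute)
    {
        return $attribute === self::VIEW_TITLE;
    }

    public function supportsClass($class)
    {
        return $class === 'Acme\BlogBundle\Entity\Comment'
            || is_subclass_of($class, 'Acme\BlogBundle\Entity\Comment');
    }

    public function vote(TokenInterface $token, $object, array $attributes)
    {
        // The proxy passes the original $comment as $object; abstain on anything else.
        if (!$object instanceof Comment) {
            return self::ACCESS_ABSTAIN;
        }
        foreach ($attributes as $attribute) {
            if (!$this->supportsAttribute($attribute)) {
                continue;
            }
            $user = $token->getUser(); // the string "anon." for anonymous tokens
            // Assumption: getAuthor() returns the same user object the token holds.
            if ($user instanceof UserInterface && $object->getAuthor() === $user) {
                return self::ACCESS_GRANTED;
            }
            return self::ACCESS_DENIED; // supported attribute, no match: deny
        }
        return self::ACCESS_ABSTAIN; // no supported attribute: let other voters decide
    }
}
```

Register the class as a service tagged `security.voter` so the access decision manager consults it. With this voter in place, an anonymous or non-author user calling `getTitle()` on the proxy gets `deny_value` (or `null`) instead of the real title.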