This bundle extends the capabilities of the standard Symfony security mechanism by adding custom access rights for roles.
Installation via Composer
composer require ggbb/symfony-user-permission
config/packages/ggbb_user_permission.yaml
# Bundle configuration. The nesting below is reconstructed from a flattened listing;
# confirm it against the bundle's own documentation.
ggbb_user_permission:
    entity:
        # Application entity classes the bundle works with.
        user: App\Entity\User
        user_role: App\Entity\UserRole
    mapping:
        # Directory and namespace of the permission classes. Presumably the two must
        # correspond (PSR-4) so every class in the directory resolves under the
        # namespace; TODO confirm.
        permissions_dir: '%kernel.project_dir%/src/Permission'
        namespace: App\Permission
config/packages/security.yaml
security:
    providers:
        users:
            # Users are loaded through the bundle's provider service (referenced by id).
            id: ggbb.user_permission.user_provider
    access_decision_manager:
        # unanimous: access is granted only when no voter denies, so a single "deny"
        # vote rejects the request. With Symfony's default allow_if_all_abstain: false,
        # an attribute that no voter recognises is also denied.
        strategy: unanimous
    # ...
.../UserRepository.php
// User repository wired to the bundle through UserRoleUserLoaderTrait.
// The loader method required by UserLoaderInterface presumably comes from that trait;
// confirm against the trait. The elided part must still satisfy PasswordUpgraderInterface.
class UserRepository extends ServiceEntityRepository implements PasswordUpgraderInterface, UserLoaderInterface
{
    use UserRoleUserLoaderTrait;
    ...
}
.../User.php
// User entity wired to the bundle through GetRolesMethodTrait.
// NOTE(review): the trait presumably supplies getRoles(). A getRoles() left in the class
// body (for example from a generated User entity) takes precedence over the trait's
// version, so remove it unless the override is intended.
class User implements UserInterface, UserRoleFieldInterface
{
    use GetRolesMethodTrait;
    ...
}
.../UserRole.php
namespace App\Entity;
// Doctrine entity for a user role, implementing the bundle's UserRoleInterface.
// The role and role-permission fields presumably come from the two traits below;
// confirm against the bundle.
#[ORM\Entity(repositoryClass: UserRoleRepository::class)]
class UserRole implements UserRoleInterface
{
    use RoleFieldTrait;
    use RolePermissionFieldTrait;
    ...
}
php bin/console role:create-default-user-role
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
/**
 * Example controller showing a role check and an object-level check with isGranted().
 */
class YourController extends AbstractController
{
    public function yourAction(): Response
    {
        // isGranted() only returns a boolean: execution reaches the final return either
        // way, so protected work must stay inside the guarded branch. To abort the request
        // with an access-denied response instead, use denyAccessUnlessGranted().
        if ($this->isGranted('ROLE_ADMIN')) {
            // ...
        }
        $object = ...;
        // Object-level check: the second argument is the subject handed to the voters.
        // NOTE(review): 'EDIT' is a bare attribute string, unlike the 'PostPermission::EDIT'
        // style values used elsewhere on this page; which voter handles it is not shown.
        if ($this->isGranted('EDIT', $object)) {
            // ...
        }
        return new Response('...');
    }
}
// Access rule for the Patch operation: allowed when the caller is granted
// PostPermission::EDIT, or when the PostPermission::MY_EDIT check passes with the
// post's author (object.getAddedByUser()) as the subject.
// NOTE(review): how the MY_EDIT check compares that author with the current user is
// not shown here; confirm it in the bundle's voter.
// NOTE(review): presumably this is API Platform's Patch. There, `security` is evaluated
// against the stored object before the request body is applied; rules that must see the
// updated values belong in securityPostDenormalize.
#[Patch(
    security: "is_granted('PostPermission::EDIT') or is_granted('PostPermission::MY_EDIT', object.getAddedByUser())",
)]
class Post
{
    // ...
}
.../src/Permission/MyPermission.php
<?php
namespace App\Permission;
use Ggbb\SymfonyUserPermissionBundle\Permission\AbstractPermission;
/**
 * Permission definitions for post objects.
 *
 * Each constant is the attribute string passed to is_granted() / isGranted().
 *
 * NOTE(review): the listing labels this file MyPermission.php; with PSR-4 autoloading
 * a class named PostPermission is expected in PostPermission.php. Confirm the file name.
 */
class PostPermission extends AbstractPermission
{
    public const VIEW = 'PostPermission::VIEW';
    public const ADD = 'PostPermission::ADD';
    public const EDIT = 'PostPermission::EDIT';
    public const MY_EDIT = 'PostPermission::MY_EDIT';
    public const DELETE = 'PostPermission::DELETE';

    /**
     * Returns the permissions of this group, keyed by attribute string.
     *
     * NOTE(review): MY_EDIT is declared above and used in the Patch security expression,
     * but has no entry here. If the bundle only recognises permissions returned by this
     * method, MY_EDIT could never be assigned to a role; confirm the omission is intended.
     *
     * @return array<string, array{title: string}>
     */
    public function getPermissions(): array
    {
        $definitions = [];

        // "View all objects"
        $definitions[self::VIEW] = ['title' => 'Просмотр всех объектов'];
        // "Add an object"
        $definitions[self::ADD] = ['title' => 'Добавить объект'];
        // "Edit all objects"
        $definitions[self::EDIT] = ['title' => 'Отредактировать все объекты'];
        // "Delete all objects"
        $definitions[self::DELETE] = ['title' => 'Удалить все объекты'];

        return $definitions;
    }

    /**
     * Returns the display name of this permission group ("Objects").
     */
    public function getName(): string
    {
        $groupName = 'Объекты';

        return $groupName;
    }
}