<p>Let's take the most basic example: a Blog application (again).</p>
<p>When building a blog application, you often need to authenticate users and authorize them to do specific actions, like:</p>
<ul>
<li>authorize Bob to add a new contributor to the blog</li>
<li>authorize Alice to create a new blog post</li>
<li>authorize Alice to edit her own blog post</li>
<li>authorize Bob to delete Alice's blog post</li>
</ul>
<h2>What is a Role</h2>
<p>A role represents <strong>a set of permissions, hard-coded in your application</strong>. When checking whether a user is allowed to add a new contributor to the blog, your code checks whether the current user has the Role "ROLE_ADMIN".</p>
<p>That's why Bob (he has ROLE_ADMIN) is allowed to add Alice as a new Contributor. See the <a href="http://symfony.com/doc/current/book/security.html#roles">Symfony documentation on Security/Roles</a>.</p>
<h2>What is a Group</h2>
<p>When a user belongs to a group, she's usually <strong>entitled to a set of Roles</strong>. Alice belongs to the group "Contributors", so she has the Roles ROLE_STATS (she's allowed to see the blog stats) and ROLE_POST (she's allowed to post a new blog entry).</p>
<p>Again, this concept is not hard-coded in Symfony, but developers usually think of it that way. See <a href="http://symfony.com/doc/current/cookbook/security/entity_provider.html#managing-roles-in-the-database">the section on managing Roles in a database with Groups</a>.</p>
<h2>ACLs</h2>
<p>Access Control Lists come in handy when you need to take an authorization decision based <strong>on a Role + a domain object</strong>.</p>
<p>Alice is allowed to edit only the blog entries she wrote herself. To check this authorization, you need both Alice's Roles and the Post model she's trying to edit. <a href="http://symfony.com/doc/current/cookbook/security/acl.html">Symfony's documentation on ACLs</a> is also pretty clear about that.</p>
<p>Oh, and Bob is allowed to edit all blog entries because he has ROLE_ADMIN. The decision here is based on a Role only.</p>
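<p>To make the three layers concrete, here is an added example in plain PHP (not code from the original post, and not Symfony's own Role, Group or ACL classes). It models direct roles, roles inherited through a group, and a decision that needs a domain object (the Post's author) next to the roles. The class and action names (<code>Group</code>, <code>User</code>, <code>Post</code>, <code>isGranted()</code>, <code>'EDIT'</code>, <code>'ADD_CONTRIBUTOR'</code>) are illustrative assumptions; in a real Symfony application the role checks map onto <code>isGranted()</code> and the ownership check onto an ACL entry or a voter.</p>

```php
<?php
// Added example, not part of the original post or of Symfony itself.
// Requires PHP 8.1+ (constructor promotion, readonly properties, match).

/** A group is a named bundle of roles (the "Contributors" group in the text). */
final class Group
{
    public function __construct(public readonly string $name, public readonly array $roles) {}
}

final class User
{
    public function __construct(
        public readonly string $name,
        private readonly array $directRoles = [],
        private readonly array $groups = [],
    ) {}

    /** Roles assigned directly plus every role granted through group membership. */
    public function getRoles(): array
    {
        $roles = $this->directRoles;
        foreach ($this->groups as $group) {
            $roles = array_merge($roles, $group->roles);
        }
        return array_values(array_unique($roles));
    }

    public function hasRole(string $role): bool
    {
        return in_array($role, $this->getRoles(), true);
    }
}

/** The domain object: an ACL-style decision needs its author. */
final class Post
{
    public function __construct(public readonly string $title, public readonly User $author) {}
}

/**
 * Authorization decision. Role-only actions need no domain object;
 * EDIT and DELETE need the Post so the owner can be compared.
 * Unknown actions and a missing Post are denied: deny is the default.
 */
function isGranted(User $user, string $action, ?Post $post = null): bool
{
    return match ($action) {
        'ADD_CONTRIBUTOR' => $user->hasRole('ROLE_ADMIN'),
        'CREATE_POST'     => $user->hasRole('ROLE_POST'),
        'VIEW_STATS'      => $user->hasRole('ROLE_STATS'),
        // Admins may edit or delete any entry; everyone else only their own.
        'EDIT', 'DELETE'  => $post !== null
            && ($user->hasRole('ROLE_ADMIN') || $post->author === $user),
        default           => false,
    };
}

// Constructed sample data matching the scenario in the text.
$contributors = new Group('Contributors', ['ROLE_STATS', 'ROLE_POST']);
$bob          = new User('Bob', ['ROLE_ADMIN']);
$alice        = new User('Alice', [], [$contributors]);
$alicePost    = new Post('Hello world', $alice);
$bobPost      = new Post('Site news', $bob);

$checks = [
    'Bob adds a contributor'       => isGranted($bob, 'ADD_CONTRIBUTOR'),
    'Alice creates a post'         => isGranted($alice, 'CREATE_POST'),
    'Alice edits her own post'     => isGranted($alice, 'EDIT', $alicePost),
    "Alice edits Bob's post"       => isGranted($alice, 'EDIT', $bobPost),
    "Bob deletes Alice's post"     => isGranted($bob, 'DELETE', $alicePost),
    'Alice adds a contributor'     => isGranted($alice, 'ADD_CONTRIBUTOR'),
    'Alice edits with no Post'     => isGranted($alice, 'EDIT'),
];

foreach ($checks as $label => $allowed) {
    printf("%-28s %s\n", $label, $allowed ? 'granted' : 'denied');
}
```

<p>Run it with <code>php roles_groups_acl.php</code>. The first three actions are decided from roles alone (Alice's ROLE_POST comes from her group, not from her user record); the EDIT and DELETE cases cannot be decided without the Post, which is exactly the Role + domain object situation that ACLs or voters exist for. The last check shows why the domain object must be mandatory for those actions: a missing Post is denied rather than treated as "no owner, so allowed".</p>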