StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POSymfony 2 - ACL check permission based on 'separate' roles
primarykey
Id
20684283
data
AcceptedAnswerId
20815304
AnswerCount
3
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2013-12-19T14:29:48.330
FavoriteCount
6
LastActivityDate
2015-06-08T19:31:50.023
LastEditDate
2015-06-08T19:31:50.023
LastEditorUserId
128245
OwnerUserId
1412741
ParentId
0
PostTypeId
1
Score
8
ViewCount
5038
LastEditorDisplayName
text
Body
Let's say we have 3 main roles that are directly bound to the database table <code>user</code>: <code>ROLE_USER</code>, <code>ROLE_MODERATOR</code> and <code>ROLE_ADMIN</code>. BUT, we also got some other roles, which are used for the <code>Crews</code> component (see UML below). I use the following roles for actions peformed in a <code>Crew</code>: <code>ROLE_CREW_BOSS</code>, <code>ROLE_CREW_LEFTHAND</code>, <code>ROLE_CREW_RIGHTHAND</code>, <code>ROLE_CREW_MEMBER</code>. <pre> +----------------+ +------------------+ | users | | crews | |----------------| |------------------| | id | | id | | username <---+ | name | | password | | +---> cash | | roles | | +-------------------+ | | ... | | ... | | | crew_members | | | | | | | |-------------------| | | | +----------------+ | | crew_id +--------------+ | | +----+ user_id | +--------^---------+ | roles | | | ... | +------------+ | | | | | | +------------------+ | | | | forum_topics | | | | |------------------| | | | | id | +-------------------+ +---+ crew_id | | title | | description | | ... | | | | | | | +------------------+</pre> That is the base structure, I hope that part is clear. Now comes the problem... The problem Every user with the role <code>ROLE_MODERATOR</code> can create <code>ForumTopic</code> objects, but not the one where <code>crew_id</code> is set, because that one is private for a specific crew. Also, only crew members (which are also users) that have the role <code>ROLE_CREW_BOSS</code>, <code>ROLE_CREW_LEFTHAND</code> or <code>ROLE_CREW_RIGHTHAND</code> can edit the forum topics of their crew. How do I check those kind of complexity? With a <code>Voter</code> maybe? UPDATE 1 I have solved the problem for 50%, but it's not solid. I've created a voter specific for the object <code>Entity\\ForumTopic</code>. <pre><code>public function vote(TokenInterface $token, $object, array $attributes) { if ($object instanceof ObjectIdentityInterface) { if ($object->getType() == 'Entity\\ForumTopic') { /** * @var Member $member */ $member = $token->getUser(); $userTable = new UserTable(); $user = $userTable->getByMember($member); $userInCrewTable = new UserInCrewTable(); $crewMember = $userInCrewTable->getByUser($user); if ($crewMember && in_array($crewMember->getRole(), array('boss', 'lefthand', 'righthand'))) { return self::ACCESS_GRANTED; } } } return self::ACCESS_ABSTAIN; } </code></pre> The only problem here is that I don't use the respective roles, so I can't use the role hierarchy functionality for example. Anyone got a better solution or a improvement on my current solution? Thanks! Steffen
Tags
<symfony><acl>
Title
Symfony 2 - ACL check permission based on 'separate' roles
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USdnagirl
UserOwnerUserId
1. USSteffen Brem
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POSymfony 2 - ACL check permission based on 'separate' roles
 UserUserId
 USSteffen Brem
 VoteTypeVoteTypeId
 VTBountyStart
2. VO
 singulars
 PostPostId
 POSymfony 2 - ACL check permission based on 'separate' roles
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POSymfony 2 - ACL check permission based on 'separate' roles
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. CO+1 for the database diagram XD
 singulars
 PostPostId
 POSymfony 2 - ACL check permission based on 'separate' roles
 UserUserId
 USGuillermo Gutiérrez

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.