Check if a role is provided for a specific user in the Symfony2 ACL

I want to check if a role is provided for a specific user in Symfony2 (and not for a registered user). I know that I can check it for a registered user:

$securityContext = $this->get('security.context');

if (false === $securityContext->isGranted('VIEW', $objectIdentity)) {
        //do anything
}

But what if I am a registered user and I want to check isGranted for another user?

+4
5 answers

"VIEW" is a permission, not a role.

The best way to check if a user is authorized (whether it is a role or permission) is to access the AccessDecisionManager. Sort of:

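use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

// Throwaway token for the user being checked; it is never set on the security context
$token = new UsernamePasswordToken($user, 'none', 'none', $user->getRoles());
$attributes = is_array($attributes) ? $attributes : array($attributes);
$granted = $this->get('security.access.decision_manager')->decide($token, $attributes, $object);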

. : fooobar.com/questions/673543/....

+6

, UserSecurityIdentity. :

YourApp/AppBundle/Resources/config.yml

yourapp.security_context:
    class: YourApp\AppBundle\Security\Core\SecurityContext
    arguments: [ "@security.acl.provider" ]

, :

namespace YourApp\AppBundle\Security\Core;

use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Permission\MaskBuilder;

use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
use Symfony\Component\Security\Acl\Exception\NoAceFoundException;

use YourApp\AppBundle\Document\User;

/**
 * Allows ACL checking against a specific user object (regardless of whether that user is logged in or not)
 *
 */
class SecurityContext
{
    private $aclProvider;

    public function __construct(MutableAclProviderInterface $aclProvider)
    {
        $this->aclProvider = $aclProvider;
    }

    public function isGranted($mask, $object, User $user)
    {
        $objectIdentity = ObjectIdentity::fromDomainObject($object);
        $securityIdentity = UserSecurityIdentity::fromAccount($user);

        try {
            $acl = $this->aclProvider->findAcl($objectIdentity, array($securityIdentity));
        } catch (AclNotFoundException $e) {
            return false;
        }

        if (!is_int($mask)) {
            $builder = new MaskBuilder;
            $builder->add($mask);

            $mask = $builder->get();
        }

        try {
            return $acl->isGranted(array($mask), array($securityIdentity), false);
        } catch (NoAceFoundException $e) {
            return false;
        }
    }
}

, , :

$someUser = $this->findSomeUserFromYourDatabase();

if ($this->get('yourapp.security_context')->isGranted('VIEW', $article, $someUser)) {
   // ...
}
+5

SecurityContext, . , , getRoles, , , UserInterface.

$otherUser = $this->get('doctrine')->...   // fetch the user

if( $otherUser instanceof \Symfony\Component\Security\Core\User\UserInterface  )
{ 
     $roles = $otherUser->getRoles();

     // your role could be VIEW or ROLE_VIEW, check the $roles array above. 
     if ( in_array( 'VIEW' , $roles ) )
     {
      // do something else
     }
}

FosUserBundle UserInterface, hasRole. :

$otherUser = $this->get('doctrine')->...   // fetch the user

if( $otherUser instanceof \FOS\UserBundle\Model\UserInterface  )
{ 
     // your role could be VIEW or ROLE_VIEW, check the proper role names
     if ( $otherUser->hasRole( 'VIEW' ) )
     {
      // do something else
     }
}
+1

Sf4 (, , , ) AuthorizationCheckerInterface, , , :

namespace App\Service;

use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Security;

class MyService
{
    private $authorizationChecker;
    private $security;

    public function __construct(Security $security, AuthorizationCheckerInterface $authorizationChecker)
    {
        $this->authorizationChecker = $authorizationChecker;
        $this->security = $security;
    }

    public function something(): void
    {
        $this->authorizationChecker->isGranted('ROLE_ADMIN', $this->security->getUser());
        // [...]
    }
}

User -. Refs: https://symfony.com/doc/current/components/security/authorization.html

0

, , .

, .

So, in our custom class (the one that implements UserInterface), we simply add this method:

/**
 * @param string $role
 * @return bool
 */
public function hasRole($role)
{
    if (in_array($role, $this->getRoles())) {
        return true;
    }
    return false;
}

then we can use:

$someUser->hasRole('SOME_ROLE');
-3
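
The following is an added example, not code from any of the answers above. It runs the AccessDecisionManager approach from the first answer against two users who are not logged in, and prints the result next to the plain `in_array()` check on `getRoles()` used in the later answers, so the difference under a role hierarchy is visible. It assumes the Symfony 2.x Security component is installed via Composer; the hierarchy, the user names and the `isGrantedFor` helper are constructed for illustration.

```php
<?php
// Added example. Assumes symfony/security 2.x under ./vendor (Composer).
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
use Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter;
use Symfony\Component\Security\Core\Role\RoleHierarchy;
use Symfony\Component\Security\Core\User\User;

// Constructed sample, same shape as security.role_hierarchy in security.yml
$hierarchy = new RoleHierarchy(array(
    'ROLE_ADMIN'  => array('ROLE_EDITOR'),
    'ROLE_EDITOR' => array('ROLE_USER'),
));

// Default strategy is "affirmative": one granting voter is enough
$manager = new AccessDecisionManager(array(new RoleHierarchyVoter($hierarchy)));

/**
 * Hypothetical helper: decide an attribute for an arbitrary user
 * without touching the token of the currently logged-in user.
 */
function isGrantedFor(AccessDecisionManager $manager, User $user, $attribute, $object = null)
{
    // Throwaway token, never stored in the security context
    $token = new UsernamePasswordToken($user, 'none', 'none', $user->getRoles());

    return $manager->decide($token, array($attribute), $object);
}

// Constructed users; neither one is authenticated in this script
$users = array(
    new User('alice', 'unused', array('ROLE_ADMIN')),
    new User('bob', 'unused', array('ROLE_USER')),
);

foreach ($users as $user) {
    // in_array() only sees roles stored on the user;
    // decide() also sees roles reachable through the hierarchy
    printf(
        "%s ROLE_EDITOR: in_array=%s decide=%s\n",
        $user->getUsername(),
        var_export(in_array('ROLE_EDITOR', $user->getRoles(), true), true),
        var_export(isGrantedFor($manager, $user, 'ROLE_EDITOR'), true)
    );
}
```

Later Symfony versions changed the token and decision manager constructor signatures, so the constructor calls need adjusting outside 2.x.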

Source: https://habr.com/ru/post/1543526/

