5

While testing roles in my application I found the function isGranted of the SecurityContext. It works great but now I need to check the roles of a user that is not the current user so isGranted doesn't work for me.

I've been looking and I found the function hasRole of the user, the problem is that this function doesn't look in the hierarchy tree of Symfony and it just looks in the roles assigned to the user.

So, Is there a function that looks for a role of a user looking in the hierarchy tree like isGranted do for the current user?

EDIT

I found this solution:

How to use the AccessDecisionManager in Symfony2 for authorization of arbitrary users?

I implemented it and it works, the problem is that it needs the ContainerBuilder and I would prefer a different approach.

Any Idea?

Community
  • 1
  • 1
graffiacane
  • 101
  • 7
  • Your roles should be stocked in your database so you can just make a request to get the role of a different user than the one witch is connected (sorry i don't know if there is a method for this, it's just another idea to resolve your problem) – Snroki Sep 25 '12 at 08:59
  • 1
    I have a list of users and depending on the roles of the user the actions that can be applied vary – graffiacane Sep 25 '12 at 09:57

1 Answers1

0

Basically AFAIK SecurityContext work with Symfony\Component\Security\Core\Authentication\Token\TokenInterface from where can fetch current user using getUser method.

If user token is not authenticated then isGranted trying authenticate user token first and then use class called AccessDecisionManager which basically iterate over voters objects and call them (and can use different strategies for that) One of called voters is RoleHierarchyVoter which use Symfony\Component\Security\Core\Role\RoleHierarchy.

So answer to your question:

I think that is no such function like isGranted for other users (or do not know about any), but you can write own service which allow to that using security.role_hierarchy (just notice that is private service).

BTW hasRole probably should be sufficient most of the time, so maybe you should think about what do you want to do ;)

l3l0
  • 3,363
  • 20
  • 19
  • 1
    Hi l3l0, the function hasRole is not sufficient because I need to look in the hierarchy tree. – graffiacane Sep 25 '12 at 10:12
  • Hello @graffiacaneif you using FOSUserBundle you have such method as getRoles which should returns all user roles see https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Model/User.php#L312 and Model/User::hasRole should work with it too – l3l0 Sep 25 '12 at 10:53
  • Hi l3L0, maybe I'm not explaining well, but these functions doesn't return the roles that a user have inherited from the hierarchy tree, just the ones associated to the user in the database. – graffiacane Sep 25 '12 at 10:57
  • Indeed l3l0 that was my first approach, and my conclussions were the same as the ones that Adrian gets in the solution I mention in my question. – graffiacane Sep 25 '12 at 11:07