Revoke User Role from inherited Group

Question

I'm using FOSUserBundle and set up a User / Group environment.

I can give Roles to Groups and Users.

Basically I give the Roles to the Group. Now, I want to revoke some Users in a Group a Role that is inherited from the Group.

Every time I unselect it in the UserAdminView ( SonataUserBundle ) it is rechecked again ( for sure, because it gets it from the Group)

Any Idea how to achieve that?

I thought about a extra field in the Usertable where all Roles that should be Revoked are listed.

Is there an easier opportunity?

Sadly it´s not an option. There would be too many Groups for this, it should be handleable via the User Setting. — develth, Jan 10 '13 at 19:58

score 1 · Answer 1 · answered Jan 10 '13 at 23:05

What you're asking for is beyond the scope of FOSUserBundle, as far as I know. No matter what, when a user logs in, it's going to load all of the roles assigned to a specific user, and all of the roles in the groups a user is assigned to.

You may try to create a custom field under the User entity called 'denied_roles' or something of that nature. Then create a custom login listener (listening to 'security.interactive_login') that removes the 'denied_roles'.

Revoke User Role from inherited Group

1 Answers1