3

I can't seem to find documentation on how to use the rules that are linked to a fos_group for access control.
In this project I want to be able to define new groups later on that use predefined roles like: ROLE_USER, ROLE_AMDIN and ROLE_SUPERAMDIN.
On each page is defined what a role can or cannot do.

Normally I use the is_granted function in twig to check the roles, but since I want the system to check the roles of the group first and if the user has no group check the user specific roles, than I won't be able to use it.

Any ideas on how to achieve this in Symfony2 with the FOSUserBundle groups?

ekad
  • 14,436
  • 26
  • 44
  • 46
Robin Hermans
  • 1,579
  • 1
  • 24
  • 52
  • Have you read: https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/groups.md ? – Manolo Nov 05 '13 at 11:08
  • Yes I have. I used this to create the link between my fos_user table and fos_group. But it does not explain how to use the rights that are in each group. – Robin Hermans Nov 05 '13 at 11:11
  • Maybe this helps you: http://stackoverflow.com/questions/15057088/fosuserbundle-group-role-setup – Manolo Nov 05 '13 at 12:14
  • Thanks for the help, but I've been reading all stuff that was on stackoverflow. Unfortunately nothing seems to match my question – Robin Hermans Nov 05 '13 at 12:19

1 Answers1

2

I have been trying to make such a work. This is what I found :merging the group roles with default user roles by overriding the getRoles method. I Hope that this would help someone.

class Users extends BaseUser
{

  [...]
 public function getRoles()
 {
    $roles = $this->roles;

    foreach ($this->getGroups() as $group) {
        $roles = array_merge($roles, $group->getRoles());
    }

    // we need to make sure to have at least one role
    $roles[] = static::ROLE_DEFAULT;

    return array_unique($roles);
 }
}
Akram
  • 174
  • 3
  • 12
  • this seems to be the correct solution, its used by `FOSUser` in `FOS\UserBundle\Model\User` entity via implementing GroupableInterface – gondo Aug 18 '14 at 12:08
  • Akram(currently author of this answer): its not cool to take someone's else work and call it yours – gondo Aug 18 '14 at 12:09