Symfony2 - User specific form based on role access

Question

I have a form that has a category field drop down that has a (OneToMany/ManyToOne) to a post entity.

Situation: Right now the client has to select category in the drop down and they can make the mistake of selecting the wrong category and this will go to another blog (if they select the wrong one) and they will not have access to change this back to the proper category.

To alleviate this potential problem I'd like to do one of the two as a solution:

1) Set the category automatically based on the category they have access to

2) Or restrict the user to only select the category they have access to (e.g., if the user has a specific role they only get this category for the drop down)

The user has a ROLE_USER restriction that allows them to only CRUD what they have access to.

e.g.,

• ROLEUSER1 only has access to /category1 (and can use CRUD on this)

• ROLEUSER2 only has access to /category2 (and can use CRUD on this)

• ROLEUSER3 only has access to /category3 (and can use CRUD on this)

How can I set this up so the client cannot make the mistake of selecting the wrong category?

Form

public function buildForm(FormBuilderInterface $builder, array $options)
{
    $builder
        ->add('title')
        ->add('body')
        ->add('author')
        ->add('category')
        ->add('file', 'file', array(
            'label'    => 'Image',
            'required' => false
        ))
        ->add('created');
}

Controller

public function job1CreateAction(Request $request)
{
    $entity = new Post();
    $form = $this->createCreateForm($entity);
    $form->handleRequest($request);

    if ($form->isValid()) {
        $em = $this->getDoctrine()->getManager();
        $em->persist($entity);
        $em->flush();

        return $this->redirect($this->generateUrl('job1_show', array('id' => $entity->getId())));
    }

    return array(
        'entity' => $entity,
        'form' => $form->createView(),
    );
}

private function createCreateForm(Post $entity)
{
    $form = $this->createForm(new PostType(), $entity, array(
        'action' => $this->generateUrl('job1_create'),
        'method' => 'POST',
    ));

    $form->add('submit', 'submit', array('label' => 'Create'));

    return $form;
}

Answer 1

how about this? : remove 'category' field from form builder and manually set it in controller action:

if ($this->get('security.context')->isGranted('ROLEUSER1') {
    $entity->setCategory(CATEGORY1);
}

EDIT:

controller action:

public function job1CreateAction(Request $request)
{
    $entity = new Post();

    if ($this->get('security.context')->isGranted('ROLEUSER1') {
        $category1 = $this->getDoctrine()->getManager()->getRepository('MYBUNDLE:POST')->find(1); // we are getting category object. this is just an example cade, may be this will be different in your case

        $entity->setCategory($category1);
    }

    $form = $this->createCreateForm($entity);
    ....
}

and form:

public function buildForm(FormBuilderInterface $builder, array $options)
{
    $builder
        ->add('title')
        ->add('body')
        ->add('author')
        //->add('category')
        ->add('file', 'file', array(
            'label'    => 'Image',
            'required' => false
        ))
        ->add('created');
}