0

I've added a new option, `roles`, to the routing settings for checking permissions for menu items during menu rendering.
It would be great if I could use the option for authorization check before executing corresponding controllers.

Example:

    some_route:
        path: /path/
        defaults:   { _controller: MyBundle:Controller:action }
        options:
            roles: [ROLE_MANAGER, ROLE_ADMIN]

I need to check whether the user has access to the controller, based on his roles, before executing the controller itself.
How is this possible? Any ideas?

UPDATE
Why do I need the roles option?
There are 4 different roles and many routes in the project. Some of the routes are protected and visible only to users with specific roles.
For now, all authorization checks are performed inside the controllers by the denyAccessUnlessGranted() method.
I also use KnpMenuBundle for building the menu. During menu rendering I need to check the accessibility of each item for the currently logged-in user. If the user has no access to an item, it is excluded and the user doesn't see it.
In order to check whether the user has access to an item, I added the option I mentioned, where I define the roles which have access to a route. This roles option defines exactly the same roles as the checks in denyAccessUnlessGranted(). Since I already have these role settings, why not use them for the controller authorization checks and remove the redundant code from the controllers?

Vasily
  • Can you explain why you want to do this? – Frank B Nov 10 '15 at 07:53
  • @Frankbeen, I've added some explanations in the Update section. I hope you understand me; if not, please feel free to ask for details =) – Vasily Nov 10 '15 at 08:35
  • Add a kernel.controller listener and check the permissions there: http://symfony.com/doc/current/reference/events.html#kernel-controller – Cerad Nov 10 '15 at 14:03
  • @Cerad thank you, that's what I was looking for! Can you please add a new answer and copy your comment so that I can accept it? – Vasily Nov 10 '15 at 17:32

2 Answers

3

Basically, two ways

  1. Security.yml

    - { path: ^/path/$, roles: [ROLE_MANAGER, ROLE_ADMIN] }
    
  2. Annotations directly into controller

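    // In the controller class; requires
    // use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
    /**
     * @Security("has_role('ROLE_ADMIN') or has_role('ROLE_MANAGER')")
     */
    public function nameOfYourAction()
    {
    }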

That way, the very first thing done before the controller's action is executed is the security check: if this fails, the controller will not be executed.

DonCallisto
  • Thanks, but I actually need this option for checking whether a user has access to menu items during KnpMenu rendering. I've added some explanations of it to the question. If I define the roles that have access to a controller with the `@Security` annotation, then I won't be able to get these settings during menu rendering ... or will I? – Vasily Nov 10 '15 at 08:40
  • @basil I'll take a look when I get some extra free time, hopefully today ;) – DonCallisto Nov 10 '15 at 09:11
1

I know this is not much of an answer but you asked for it.

Add a kernel.controller listener and check the permissions there.

Vasily
Cerad
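
One way to write the kernel.controller listener suggested in the answer above, as an added example (not code from the question or either answer): it reads the matched route's `roles` option and denies access unless the user holds at least one listed role. The class name, namespace and service tag are assumptions, and it targets the Symfony 2.6+ APIs that match the `denyAccessUnlessGranted()` usage in the question.

```php
<?php
// Added example: hypothetical listener, not code from the question or answers.
// Assumed service tag when registering this class:
//   { name: kernel.event_listener, event: kernel.controller, method: onKernelController }
namespace AppBundle\EventListener; // assumed namespace

use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class RouteRolesListener
{
    private $router;
    private $authChecker;

    public function __construct(RouterInterface $router, AuthorizationCheckerInterface $authChecker)
    {
        $this->router = $router;
        $this->authChecker = $authChecker;
    }

    public function onKernelController(FilterControllerEvent $event)
    {
        // Only the master request is checked; controllers reached through
        // sub-requests are not covered by this listener.
        $routeName = $event->getRequest()->attributes->get('_route');
        if (!$event->isMasterRequest() || null === $routeName) {
            return;
        }

        $route = $this->router->getRouteCollection()->get($routeName);
        $roles = $route ? $route->getOption('roles') : null;
        if (empty($roles)) {
            return; // route declares no roles: nothing is enforced here
        }

        // Any one of the listed roles is sufficient, as in the menu check.
        foreach ((array) $roles as $role) {
            if ($this->authChecker->isGranted($role)) {
                return;
            }
        }

        // Thrown before the controller runs; the firewall turns it into
        // a 403 response or a redirect to the login entry point.
        throw new AccessDeniedException();
    }
}
```

A route without a `roles` option passes through unchecked, so the option has to be present on every route that must be protected. `getRouteCollection()` loads the full route collection, which can be costly on each request.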