0

I have a database that contains hundreds of thousands of records. For commercial reasons, only users who work on specific projects can view certain records; we identify these records via a project_code field.

I think there is a facility in Doctrine to filter records based on the user's ROLE.

Can anyone explain to me how I make use of this row level filtering?

PrestonDocks
  • You could start here: http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/filters.html Personally I don't care for this sort of magic. I would just add the necessary conditions to my queries. – Cerad May 20 '17 at 20:36
  • On a small application that would work, but when you have a large site with many developers and someone makes a join to the table it is easy to forget to add the extra where clause. Also in larger companies you need to be able to demonstrate to auditors how you ensure you are compliant. – PrestonDocks May 21 '17 at 09:40

1 Answer

0

In doctrine.yaml, add a filter:

    orm:
        auto_generate_proxy_classes: true
        naming_strategy: doctrine.orm.naming_strategy.underscore_number_aware
        auto_mapping: true
        filters:
            project_filter: App\Doctrine\AuthorizedUsersFilter

Then create a service in src/Doctrine/AuthorizedUsersFilter.php

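    <?php

    namespace App\Doctrine;

    use Doctrine\ORM\Mapping\ClassMetadata;
    use Doctrine\ORM\Query\Filter\SQLFilter;

    class AuthorizedUsersFilter extends SQLFilter
    {
        /**
         * @return string The constraint SQL if one applies, empty string otherwise.
         */
        public function addFilterConstraint(ClassMetadata $targetEntity, $targetTableAlias): string
        {
            // Check if this class is one that will be filtered, e.g. this user can only
            // view records with a certain project ID. The test used here (the entity maps
            // a project_id column) is an assumption; adapt it to your own entities.
            if (!in_array('project_id', $targetEntity->getColumnNames(), true)) {
                return '';
            }

            // getParameter() returns the value already quoted for SQL. It must be set where
            // the filter is enabled: ->enable('project_filter')->setParameter('project_id', $id)
            return sprintf('%s.project_id = %s', $targetTableAlias, $this->getParameter('project_id'));
        }
    }
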
Tac Tacelosky
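The answer above stops at the filter class; the filter still has to be enabled on every request and given the current user's project. The following subscriber is an added example, not code from the answer or from Doctrine: `ProjectFilterSubscriber` and the `getProjectId()` accessor on the user object are assumed names, and it assumes the filter reads its value with `$this->getParameter('project_id')`.

```php
<?php

namespace App\EventSubscriber;

use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

final class ProjectFilterSubscriber implements EventSubscriberInterface
{
    public function __construct(
        private EntityManagerInterface $em,
        private TokenStorageInterface $tokenStorage,
    ) {
    }

    public static function getSubscribedEvents(): array
    {
        // Priority 0 runs after the security firewall (priority 8),
        // so the token is already populated when it is read here.
        return [KernelEvents::REQUEST => ['onKernelRequest', 0]];
    }

    public function onKernelRequest(RequestEvent $event): void
    {
        // Enable unconditionally: with no parameter set, getParameter() in the
        // filter throws, so queries on filtered entities fail closed.
        $filter = $this->em->getFilters()->enable('project_filter');

        $user = $this->tokenStorage->getToken()?->getUser();

        // getProjectId() is an assumed accessor on the application's User class.
        if (is_object($user) && method_exists($user, 'getProjectId') && $user->getProjectId() !== null) {
            // Doctrine quotes the value before it reaches the SQL string.
            $filter->setParameter('project_id', $user->getProjectId());
        }
    }
}
```

Doctrine filters only rewrite SQL that the ORM generates (DQL, repository finders, lazy loads); native SQL and direct DBAL queries on the same tables are not constrained and need their own condition.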