0

I'm newby in Symfony, so excuse my ignorance.

In my project i use Sonata User Bundle, with User entity extended by several fields. Some of them can be edited by user himself, while others are serviceable and they can only be edited by the admin. The question is: How to ensure security when editing information by the user?
I see 2 ways:
1. Use custom validation constraints that will check user's role.
2. Use one-to-one related entity with its own Admin.
Perhaps there are some standard ways to accomplish this task?

Thanks in advance!

UPD:
The problem is that there is one entity (User) that can be edited from different places: admin area and public area. Naturally, the forms for admin and public areas are different, but there is a possibility that an attacker can forge a form and edit fields that are accessible only to the administrator. Therefore, I want to protect them at the level of entity. Is it possible?

boehpyk
  • 156
  • 1
  • 9

1 Answers1

0

There are many cases of security. You can use @Security with has_role('ROLE_ADMIN') annotation for your action or in twig is_granted to display or not a field or use custom voter to check if user can edit or delete un objet look at this. Describe your need clearly to help you.

T. Abdelmalek
  • 418
  • 3
  • 10
  • The problem is that there is one entity (User) that can be edited from different places: admin area and public area. Naturally, the forms for admin and public areas are different, but there is a possibility that an attacker can forge a form and edit fields that are accessible only to the administrator. Therefore, I want to protect them at the level of entity. Is it possible? – boehpyk Sep 12 '17 at 09:03
  • 1
    try to use form events pre set data and presubmit data and pass in construct authorizationChecker to check if role of current user in load form and just in submit is the correct once. – T. Abdelmalek Sep 12 '17 at 12:20