How to store Symfony2 "access_control" information in Database?

Question

I am using Symfony2 and I have users and roles already stored in my DB. If I set something like below in security.yml it works great:

access_control:
   - { path: ^/admin, role: ROLE_ADMIN}
   - { path: ^/users, role: ROLE_MANAGER}

But I would like to store this access_control information in the database, so the user from my system can change the permissions itself by using the administrative interface.

I looked at ACL and FOSUserBundle but could not find a solution for this. I found that I could check permissions with something like if ($user->hasRole($role)) but I would need to do this in every controller.

Is there a way to define a dynamic "access_control" feature? Maybe something like redirecting the access_control to some class that could return true or false. Any solution?

Answer 1

The access map is built here.

If no access_control is found, nothing is done.

Now, define your own implementation of the AccessMapInterface and override the parameter security.access_map.class with your class.

You will probably need a factory to build your AccessMap.

Answer 2

The best way would be to setup a specific role (e.g. DB_ROLE_CHECK) that you set on your actions/services that you want validated against your database stored roles.

Then you would create a security voter that hooks into DB_ROLE_CHECK and validates your request against your database entries.

See:

• Dynamically adding roles to a user
• http://symfony.com/doc/current/cookbook/security/voters.html (Official Docs)