Reputation: 209
How to forbid editing the username in FOSUserBundle?
Now I can enter the profile editing page and change the username. How can I allow this only for ROLE_ADMIN, for example?
But still allow editing the email in the profile.
Found a solution:
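    // BaseType is assumed to be FOSUserBundle's stock profile form type.
    use FOS\UserBundle\Form\Type\ProfileFormType as BaseType;
    use Symfony\Component\Form\FormBuilderInterface;

    class ProfileFormType extends BaseType
    {
        public function buildForm(FormBuilderInterface $builder, array $options)
        {
            // Build the stock profile form, then drop the username field.
            parent::buildForm($builder, $options);
            $builder->remove('username');
        }

        public function getName()
        {
            return 'goock_user_profile';
        }
    }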
Is it secure?
Upvotes: 0
Views: 1168
Reputation: 2374
In order for you to allow only ROLE_ADMIN to edit a form field, you'll need to pass the "security.context" service into your form type, and then do something like the following:

    if ($this->securityContext->isGranted('ROLE_ADMIN')) {
        $builder->add('username');
    }

    // or, if username is already added
    if (!$this->securityContext->isGranted('ROLE_ADMIN')) {
        $builder->remove('username');
    }
Upvotes: 2
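
The two posts combined into one form type, as an added example that is not code from either poster or from FOSUserBundle itself. It assumes Symfony 2.x with FOSUserBundle 1.x (where the base profile type takes the user class as its constructor argument); the `Goock\UserBundle` namespace and the service id `goock_user.profile.form.type` are hypothetical.

```php
<?php
// Added example. Assumes Symfony 2.x + FOSUserBundle 1.x; the Goock\UserBundle
// namespace and the service id in the wiring comment are hypothetical.
namespace Goock\UserBundle\Form\Type;

use FOS\UserBundle\Form\Type\ProfileFormType as BaseType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;

class ProfileFormType extends BaseType
{
    private $securityContext;

    public function __construct($class, SecurityContextInterface $securityContext)
    {
        parent::__construct($class); // base type needs the user class name
        $this->securityContext = $securityContext;
    }

    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        parent::buildForm($builder, $options); // adds username, email, current_password

        // Decided server-side on every request: for non-admins the field does
        // not exist, so a hand-crafted POST containing "username" is treated
        // as extra data and never mapped onto the user entity.
        if (!$this->securityContext->isGranted('ROLE_ADMIN')) {
            $builder->remove('username');
        }
    }

    public function getName()
    {
        return 'goock_user_profile';
    }
}

/* Wiring (YAML):
 * services:
 *     goock_user.profile.form.type:
 *         class: Goock\UserBundle\Form\Type\ProfileFormType
 *         arguments: ['%fos_user.model.user.class%', '@security.context']
 *         tags: [{ name: form.type, alias: goock_user_profile }]
 * fos_user:
 *     profile:
 *         form:
 *             type: goock_user_profile
 */
```

The role check runs against the logged-in user, who on the profile page is also the user being edited, so an admin can rename only their own account through this form.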