Reputation: 10478
Whats the difference between role and name in symfony2 role class?
I am trying to pull roles from a database to use for authenticating users. To do this I've created a group object that extends Role much like the code bellow:
// src/Acme/Bundle/UserBundle/Entity/Group.php
namespace Acme\UserBundle\Entity;
use Symfony\Component\Security\Core\Role\Role;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\ORM\Mapping as ORM;
/**
* @ORM\Table(name="acme_groups")
* @ORM\Entity()
*/
class Group extends Role
{
/**
* @ORM\Column(name="id", type="integer")
* @ORM\Id()
* @ORM\GeneratedValue(strategy="AUTO")
*/
private $id;
/**
* @ORM\Column(name="name", type="string", length=30)
*/
private $name;
/**
* @ORM\Column(name="role", type="string", length=20, unique=true)
*/
private $role;
/**
* @ORM\ManyToMany(targetEntity="User", mappedBy="groups")
*/
private $users;
public function __construct()
{
$this->users = new ArrayCollection();
}
// ... getters and setters for each property
/**
* @see RoleInterface
*/
public function getRole()
{
return $this->role;
}
}
What confuses me is that I can't see the relationship between this class and the corresponding fields in security.yml such as:
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
So would names be on the right side of the : and role on the right side? For example in
ROLE_ADMIN: ROLE_USER
Would ROLE_ADMIN be the group name and ROLE_USER become the role? What also doesn't make sense to me is how symfony2 implements the role property as a single variable and not an array. Since in the statement
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
There are multiple roles, not just one role. How does any of this correspond to the class defined above? I am following the symfony2 cookbook http://symfony.com/doc/current/cookbook/security/entity_provider.html#managing-roles-in-the-database.
Upvotes: 0
Views: 662
Answers (1)
Reputation: 3353
The security.yml role_hierarchy is to do with role's inheritance. It allows you to create many roles and then state that some roles inherit other roles. http://symfony.com/doc/current/book/security.html#hierarchical-roles
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
The above means that if as a user I have the role "ROLE_SUPER_ADMIN" (which comes from the role field in your group entity) then I also inherit the roles "ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH".
so: ROLE_TO_INHERIT: [ROLES_TO_INHERIT_FROM]
So your name field has no meaning in security.yml only your role field. Role hierarchy is separate to where you store your roles. It is an extra level of configuration so that, for example, you don't need to add 3 roles to every super admin user but rather just add the super admin role and they will inherit all the other roles.
Hopefully that makes sense, remember that in order for you to use the role hierarchy you need to have the roles in your database. It's no good configuring the above ROLE_SUPER_ADMIN hierarchy if you have no ROLE_SUPER_ADMIN that you can assign to users. So create all your roles in your group table and then set up the hierarchy.
Upvotes: 1
Related Questions
- Symfony 3 - I have some difficulties to manage my roles
- how to manage roles in symfony
- Where and how symfony store user roles
- Symfony2 - ACL & ROLES
- Roles assignement in Symfony 2
- symfony2 security roles
- What is the difference between ACL and user roles in Symfony2
- Symfony2 - Dynamic Role Management
- Role Interface and Manage Roles
- Issues related to roles in symfony