Reputation: 969
Symfony 2.7, dynamical role for user versus Mysql Table
What is the best way to implement such a security, than only several users can edit the "Event" entity.
1) Use Noback advice about dynamical roles: http://php-and-symfony.matthiasnoback.nl/2012/07/symfony2-security-creating-dynamic-roles-using-roleinterface/
But it is not clear for me how to use these roles. But it is clear how to create them.
2) Create table with users_id, who can edit "Event", and than check in eventEditAction if editing user is in this table for this event ?
What are other ways to permit only for certain users to edit "Event" entity ( / to forbid for other users to edit ) ?
Upvotes: 0
Views: 71
Answers (1)
Reputation: 3697
if you want to make a (custom) list of users that can edit an event then you should create that list with a many-to-many (User versus Event) relation in the database. Then you can use a Voter to check User Permissions: http://symfony.com/doc/current/cookbook/security/voters.html
Upvotes: 1
Related Questions
- Symfony 4 - Define custom user roles from DB
- Dynamically set roles on authentication
- Symfony many role for user
- Symfony Role Hierarchy
- How to dynamic handle roles|permissions in Symfony2 at database level: CRUD operations over them
- Roles assignement in Symfony 2
- symfony2 security roles
- Symfony 2 - Loading roles from database
- Symfony access_control by role
- Symfony2 - Dynamic Role Management