
How can I check other users or role permissions in the template? symfony2

Tags: twig, symfony

I'm building this user manager, where admins can change permission of a group or user. I don't want to use the FOS user bundle, because I want to customize a lot.

I found out I can give permissions to another user in the controller, but how can I read the permissions of another user/role? And is it possible to read these permissions of another user/role in the template?

The ideal way I would like to do this is (a page to view users in a group and the permissions):

1. Get all objects and users in the controller

2. Print the users and objects in the template. Next to the objects, print the permissions this group has: VIEW EDIT DELETE OWNER..

And the same for a user (not the current one): I want to be able to check the permission of a user (not the current one) in the template, on a given object/class.

I know how to check if a user has a role/group, but I want to know what permissions the group/user has, like EDIT VIEW DELETE etc. with ACL.

How can I achieve this?

asked Apr 13 '13 17:04

Arazu


2 Answers

You can check if the current user has a role in Twig by using the function is_granted:

{% if is_granted('ROLE_USER') %}
  {{ app.user.username }}
{% endif %}

Getting the current user's roles array in Twig:

{{ app.user.roles|join(', ') }}

If you want to display from a collection of users, you can do something like this (assuming the collection is passed as users):

{% for user in users %}
  <p>
     {{ user.username }}:
     {% for role in user.roles %}
      {{ role }}
     {% endfor %}
  </p>
{% endfor %}

answered Sep 21 '22 00:09

Ghassan Idriss


I finally found a way to do this. It's probably not the most efficient way of doing this, but it works and is the only way I know of doing this, as no one knows how to achieve this till now.

First, I have a default user for every group, who cannot log in (a dummy user with the default permissions for the group). I get the security ID for the default user:

// Requires: use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
$defaultUser = $this->getDoctrine()
    ->getRepository('TdfUserBundle:User')
    ->findOneByUsername('-default-'.$group->getCode());

$sid = UserSecurityIdentity::fromAccount($defaultUser);

I create an array of permissions to check for, set some empty arrays, and load the problematic.acl_manager:

$permissionsToCheck = array('VIEW', 'EDIT', 'CREATE', 'DELETE', 'OPERATOR', 'MASTER', 'OWNER');
$aclManager = $this->get('problematic.acl_manager');

Then I loop through the objects that I want to check the permissions for, and check the permissions I set before in the $permissionsToCheck var. I check the permissions for the default user. The result is put in an array that I send to the template.

$permissionArray = array();
foreach($forumCategories as $forumCategory) :
    $permissionArray[] = $this->checkPermissions($sid, $forumCategory, $permissionsToCheck, '');
endforeach;

The checkPermissions function returns an array of the permissions and some stuff I need from the object given.

// Requires:
//   use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
//   use Symfony\Component\Security\Acl\Permission\MaskBuilder;
private function checkPermissions($sid, $object, $permissionsToCheck, $type)
{
    $aclProvider = $this->get('security.acl.provider');
    $oid = ObjectIdentity::fromDomainObject($object);
    try {
        // createAcl() throws if an ACL already exists for this object...
        $acl = $aclProvider->createAcl($oid);
    } catch (\Exception $e) {
        // ...in which case the existing ACL is loaded instead.
        $acl = $aclProvider->findAcl($oid);
    }
    $aclProvider->updateAcl($acl);

    $tempPermissionsArray = array();
    foreach ($permissionsToCheck as $permissionCode):
        $builder = new MaskBuilder();
        $builder->add($permissionCode);
        $mask = $builder->get();
        try {
            $granted = $acl->isGranted(array($mask), array($sid));
        } catch (\Exception $e) {
            // isGranted() throws when no ACE applies to this SID: treat as not granted.
            $granted = false;
        }
        $tempPermissionsArray[$permissionCode] = $granted;
    endforeach;

    return array(
        'id'          => $object->getId(),
        'title'       => $object->getTitle(),
        'slug'        => $object->getSlug(),
        'type'        => $type,
        'permissions' => $tempPermissionsArray,
    );
}

After the POST of the form, I check which object has had its permissions changed. If so, I loop through all users in the group. For each user, I revoke the permissions, then get all the groups (the default user for each group), check the permissions per group (default user), check what permissions to activate, and give the user the correct permissions.

Here I set all permissions to false and then loop through all roles/groups (default users) and see if the permission should be set.

// Start with every permission denied.
foreach($array['permissions'] as $permissionCode => $test ):
    $$permissionCode = false;
endforeach;

foreach($user->getRoles() as $role):
    $role = str_replace('ROLE_', '', $role);

    $defaultUser = $this->getDoctrine()
        ->getRepository('TdfUserBundle:User')
        ->findOneByUsername('-default-'.$role);
    if (!$defaultUser) {
        // No default user exists for this role, so there is nothing to inherit from it.
        continue;
    }
    $sid = UserSecurityIdentity::fromAccount($defaultUser);

    // See all permissions
    foreach($array['permissions'] as $permissionCode => $test ):
        $builder = new MaskBuilder();
        $builder->add($permissionCode);
        $mask = $builder->get();
        try {
            $isGranted = $acl->isGranted(array($mask), array($sid));
            if($isGranted):
                $$permissionCode = true;
            endif;
        } catch(\Exception $e) {
            // No ACE applies to this default user: the permission stays false.
        }
    endforeach;
endforeach;

After this I know what rights the user should have and then give the account all the rights:

$aclManager = $this->get('problematic.acl_manager');

$aclManager->revokeAllObjectPermissions($object, $user);

$mapping = array(
        'VIEW'      => MaskBuilder::MASK_VIEW,
        'EDIT'      => MaskBuilder::MASK_EDIT,
        'CREATE'    => MaskBuilder::MASK_CREATE,
        'UNDELETE'  => MaskBuilder::MASK_UNDELETE,
        'DELETE'    => MaskBuilder::MASK_DELETE,
        'OPERATOR'  => MaskBuilder::MASK_OPERATOR,
        'MASTER'    => MaskBuilder::MASK_MASTER,
        'OWNER'     => MaskBuilder::MASK_OWNER,
    );
foreach($array['permissions'] as $permissionCode => $test ):
    if($$permissionCode):
        $mask = $mapping[$permissionCode];
        $aclManager->addObjectPermission($object, $mask, $user);
    endif;
endforeach;

answered Sep 23 '22 00:09

Arazu
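
Added example (not part of either answer above, and not Symfony's own code): checkPermissions() tests each mask bit exactly, while `is_granted('VIEW', object)` goes through the permission map, where a higher mask such as OPERATOR also satisfies VIEW, so a matrix built from raw bits can understate what a group can actually do. The mask values and the map are copied by hand from Symfony's MaskBuilder and BasicPermissionMap and should be verified against your installed version; `rawMatrix`, `effectiveMatrix` and the sample default users are hypothetical, and each default user is assumed to have a single granting ACE.

```php
<?php
// Assumption: values copied by hand from Symfony's MaskBuilder constants.
const MASKS = [
    'VIEW' => 1, 'CREATE' => 2, 'EDIT' => 4, 'DELETE' => 8,
    'UNDELETE' => 16, 'OPERATOR' => 32, 'MASTER' => 64, 'OWNER' => 128,
];
// Assumption: copied by hand from BasicPermissionMap.
// Permission name => masks that satisfy it when checked through the voter.
const PERMISSION_MAP = [
    'VIEW'     => ['VIEW', 'EDIT', 'OPERATOR', 'MASTER', 'OWNER'],
    'EDIT'     => ['EDIT', 'OPERATOR', 'MASTER', 'OWNER'],
    'CREATE'   => ['CREATE', 'OPERATOR', 'MASTER', 'OWNER'],
    'DELETE'   => ['DELETE', 'OPERATOR', 'MASTER', 'OWNER'],
    'UNDELETE' => ['UNDELETE', 'OPERATOR', 'MASTER', 'OWNER'],
    'OPERATOR' => ['OPERATOR', 'MASTER', 'OWNER'],
    'MASTER'   => ['MASTER', 'OWNER'],
    'OWNER'    => ['OWNER'],
];

/** Exact-bit check, like checkPermissions(): is this one bit set in the stored mask? */
function rawMatrix(int $storedMask): array
{
    $out = [];
    foreach (MASKS as $name => $bit) {
        $out[$name] = ($storedMask & $bit) === $bit;
    }
    return $out;
}

/** Effective check: granted if any mask listed for the permission is set. */
function effectiveMatrix(int $storedMask): array
{
    $out = [];
    foreach (PERMISSION_MAP as $name => $satisfiedBy) {
        // Masks are distinct single bits, so their sum equals their bitwise OR.
        $anyOf = array_sum(array_intersect_key(MASKS, array_flip($satisfiedBy)));
        $out[$name] = ($storedMask & $anyOf) !== 0;
    }
    return $out;
}

// Constructed sample: the mask stored on the ACE of two hypothetical default users.
$groupMasks = ['-default-EDITOR' => MASKS['VIEW'] | MASKS['EDIT'], '-default-ADMIN' => MASKS['OPERATOR']];
foreach ($groupMasks as $sidName => $mask) {
    $raw = array_keys(array_filter(rawMatrix($mask)));
    $eff = array_keys(array_filter(effectiveMatrix($mask)));
    printf("%-16s raw: %-10s effective: %s\n", $sidName, implode(',', $raw), implode(',', $eff));
}
```

When the admin page is meant to show what a group can actually do, display the effective matrix; when it is meant to edit the stored ACE, display the raw bits.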