I'm looking for a solution where I can do the following in my Sonata backend:
In my database I have the following tables:
roles
    id
    name
    role
    is_super_admin
    weight
permissions
    name
    permissions
    description
role_permission (many to many)
    role_id
    permission_id
So I would like to save relations in my table role_permission. But I'm a bit stuck on how to do this in Sonata admin. Can I do this in the list view? And if yes, can you help me on my way?
Not sure if OP wants to implement custom roles or use existing features. However I would recommend using a single role system. Sonata already has handlers for security so in my opinion it would be best to use those instead of creating your own.
On the Sonata site, there is a section in the admin bundle documentation about security, which explains how to set up certain types of role management. I would either go for the Role or the ACL handler, depending on what you need.
When enabling the role handler you can create groups of roles. These groups would serve as your "Role 1". For example I could create a group called "Beta Testers" and give them the ROLES (permissions) ROLE_CHECK_BETA_CONTENT and ROLE_BETA_FEEDBACK_FORM. Now if you want normal users to not have these rights you could create a normal user group and assign every other role (permission).
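An added example (not code from the original post or answer) of the part the question actually asks about, saving the role_permission relation from the admin: a Doctrine ManyToMany on Role mapped onto that join table, and a Sonata admin whose form edits it. It assumes a Permission entity with an `id` and a `__toString()`, Sonata Admin 3.x and the `App` namespace.

```php
<?php
// Added example, not code from the original post or answer: a Doctrine ManyToMany from Role to
// Permission mapped onto the question's role_permission table, edited through a Sonata admin
// form. Two files are shown in one listing; class names and the App namespace are assumptions.
namespace App\Entity;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\Common\Collections\Collection;
use Doctrine\ORM\Mapping as ORM;

/** @ORM\Entity @ORM\Table(name="roles") */
class Role
{
    /** @ORM\Id @ORM\GeneratedValue @ORM\Column(type="integer") */
    private $id;
    /** @ORM\Column(type="string") */
    private $name;
    /**
     * @ORM\ManyToMany(targetEntity="Permission")
     * @ORM\JoinTable(name="role_permission",
     *   joinColumns={@ORM\JoinColumn(name="role_id", referencedColumnName="id")},
     *   inverseJoinColumns={@ORM\JoinColumn(name="permission_id", referencedColumnName="id")})
     */
    private $permissions;

    public function __construct() { $this->permissions = new ArrayCollection(); }
    public function getPermissions(): Collection { return $this->permissions; }
    // Sonata calls the adder/remover on submit, so Doctrine writes the role_permission rows itself.
    public function addPermission(Permission $p): void { if (!$this->permissions->contains($p)) { $this->permissions->add($p); } }
    public function removePermission(Permission $p): void { $this->permissions->removeElement($p); }
}

// --- second file: src/Admin/RoleAdmin.php ---
namespace App\Admin;
use Sonata\AdminBundle\Admin\AbstractAdmin;
use Sonata\AdminBundle\Datagrid\ListMapper;
use Sonata\AdminBundle\Form\FormMapper;
use Sonata\AdminBundle\Form\Type\ModelType;

class RoleAdmin extends AbstractAdmin
{
    protected function configureFormFields(FormMapper $form): void
    {
        // by_reference=false makes the form call addPermission()/removePermission() instead of a setter.
        $form->add('name')
             ->add('permissions', ModelType::class, ['multiple' => true, 'expanded' => true, 'by_reference' => false]);
    }
    protected function configureListFields(ListMapper $list): void
    {
        $list->addIdentifier('name')->add('permissions'); // the list view shows the relation; editing is in the form
    }
}
```

The list view can display the permissions column but cannot edit a many-to-many inline; the checkboxes in the edit form are where the join rows get written.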
Related
I'm new to laravel and don't have much experience in it.
There is a scenario of defining access levels in a laravel project. Our team has decided to use spatie package for implementing different access levels.
I know, how to implement basic roles and permissions but in our case, we're following an application where we have 3 basic roles:
1. Full Admin
2. Employees
3. Managers
In Employee role we further have sub-roles, like UK-Employees, US-Employees, FullTime-Employees, etc.
These different groups/roles have different permissions, which we can change according to our needs.
On the index page of Access Levels, we can create a new role by deciding which type of role we want to create: Employee/Manager/Custom. On selecting one role, we go to another page, and on that page we get some predefined permissions according to the role type (Employee, Manager or Custom). Further, we can change those permissions to define new roles.
Can anyone suggest how I can implement this scenario using spatie?
Moreover, if the question is not understandable please suggest edits.
I have an application with many users.
Each user is associated with one and only one profile.
The profile has many global rights on many entities.
For example,
The role "writer" has access to write, read and edit for my entity "Blog".
Roles are dynamic; I can add roles in my back office.
I think I must use a Symfony Voter, but I don't know how I can check whether my user has the right to edit, for example, an article.
Do you have an example to make this architecture for my constraint?
Thank you.
In the Symfony documentation there is a nice article about voters: a user is able to edit his own article only.
For deeper understanding, check this presentation - Drop ACE, use voters.
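The linked article's voter compares the article's owner with the current user; the question instead wants rights that live on the user's single profile and are edited in the back office. The voter below is an added example (not from the answer or the Symfony docs) of that variant for Symfony 4/5: `Blog`, `User`, `Profile::getRights()` and the `getEntity()`/`getAction()` getters on a right are assumptions.

```php
<?php
// Added example, not from the answer above: a Symfony 4/5 Voter that decides read/write/edit on
// a Blog from the rights stored with the user's single Profile, so roles stay dynamic and are
// edited in the back office. Blog, User, Profile::getRights() and the Right getters are assumptions.
namespace App\Security;

use App\Entity\Blog;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

class BlogVoter extends Voter
{
    private const ACTIONS = ['read', 'write', 'edit'];

    protected function supports($attribute, $subject): bool
    {
        // Answer only for our entity and our attributes; abstain for everything else.
        return in_array($attribute, self::ACTIONS, true) && $subject instanceof Blog;
    }

    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();
        if (!$user instanceof User) {
            return false; // not logged in: deny
        }
        // Each Right row is (entity, action), e.g. ('Blog', 'edit'), maintained in the back office.
        foreach ($user->getProfile()->getRights() as $right) {
            if ($right->getEntity() === 'Blog' && $right->getAction() === $attribute) {
                return true;
            }
        }
        return false; // default deny: an action or entity with no matching row grants nothing
    }
}

// In a controller: $this->denyAccessUnlessGranted('edit', $blog);
```

With autoconfigure on, the class is tagged `security.voter` automatically; adding a new role in the back office then needs no code change, only new Right rows.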
The current ACL of Phalcon manages access between roles, resources and their actions. For example, if we want to allow a specific role into a specific resource:
$acl->isAllowed("Guests", "Customers", "search");
This checks if the role called "Guest" can access the "Customers" controller for the action "search".
In my scenario, we also have "Role Level", for example, Admin can access all modules and controllers, but, to modify the contents, an Admin should have minimum Role Level 2. To gain access to modifying website configuration, an Admin should have Role Level 3.
In addition to role level, we also want to assign which models a role can have access to. For example, Mr. A and Mr. B are both Admins and have the same level. But we decided only to allow Mr. A to access the "Accounts" model, while Mr. B can have access to "Accounts", "Personnel", etc.
Here are my questions :
Does Phalcon ACL support roles and levels? Or should I just create custom validation?
What is the benefit of using ACL compared to creating similar validation functions?
If I have to create custom validation, where should I put it ? In the controller, or in the dispatcher ?
Thx
At the moment Phalcon does not support Role based ACLs. You will have to do something yourself to cover this. The feature has however been asked for and it is in the long list of NFRs for the project :)
The way I would go about it is to use a combination of Phalcon functionality and custom programming. I would add everything to a base controller in the beforeExecuteRoute function, so that whenever something is to be dispatched the ACL is checked.
In a similar project to yours, I created two tables in my database:
Groups
------
group_id <- 2
group_name <- Admins
and have an ACL table that maps all actions to a group like so
ACL
---
group_id <- 2
acl_controller <- Customers
acl_action <- Search
You can easily extend this to have a collection of controller/action pairs to map to a Role. From there you can just create a simple function that would load the role based resources.
It is a bit of a workaround but it works.
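The base-controller approach from the answer, written out as an added example (not the answer author's code) against Phalcon 3: the Groups and ACL tables are loaded into the memory ACL adapter with DENY as default, and the dispatch is refused when the user's group has no row for the controller/action pair. The `Groups` and `AclRow` models, the `group_id` session key and the `errors` controller are assumptions.

```php
<?php
// Added example, not the answer author's code: a Phalcon 3 base controller that loads the
// Groups and ACL tables from the answer into Phalcon's memory ACL adapter on each dispatch and
// denies the request when the user's group has no row for the controller/action pair.
// The Groups/AclRow models, the 'group_id' session key and the errors controller are assumptions.
use Phalcon\Acl;
use Phalcon\Acl\Adapter\Memory as AclMemory;
use Phalcon\Acl\Resource;
use Phalcon\Acl\Role;
use Phalcon\Mvc\Controller;
use Phalcon\Mvc\Dispatcher;

class ControllerBase extends Controller
{
    public function beforeExecuteRoute(Dispatcher $dispatcher): bool
    {
        $acl = new AclMemory();
        $acl->setDefaultAction(Acl::DENY); // anything without an ACL row is denied

        // Groups table: group_id, group_name -> one ACL role per group id
        foreach (Groups::find() as $group) {
            $acl->addRole(new Role((string) $group->group_id));
        }
        // ACL table: group_id, acl_controller, acl_action -> one allow per row. Names are
        // lower-cased because the dispatcher reports "customers"/"search", not "Customers"/"Search".
        foreach (AclRow::find() as $row) {
            $controller = strtolower($row->acl_controller);
            $action = strtolower($row->acl_action);
            $acl->addResource(new Resource($controller), [$action]);
            $acl->allow((string) $row->group_id, $controller, $action);
        }

        $groupId = (string) $this->session->get('group_id', '');
        $allowed = $acl->isRole($groupId)
            && $acl->isAllowed($groupId, strtolower($dispatcher->getControllerName()), strtolower($dispatcher->getActionName()));
        if (!$allowed) {
            $this->response->setStatusCode(403, 'Forbidden');
            $dispatcher->forward(['controller' => 'errors', 'action' => 'show403']);
            return false; // cancel the requested action; the forward runs instead
        }
        return true;
    }
}
```

Rebuilding the ACL from the database on every request is the simplest correct version; once the tables stabilise, build it once and keep it in a cache service so a request costs one lookup instead of two queries.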
I generated an entity and model, then a CRUD for it using Gii. The default access rules say that the delete action can be performed only by users with the admin role. By default we have 2 users defined in UserIdentity.php: admin/admin and demo/demo. Demo is a common user and admin is an admin user. Authenticating with demo, I get "403 Forbidden" on the delete page. So the question is: where is the role set for these default users?
In your access rules array, you need to specify users, not roles. Until you start using the RBAC module, you will have no roles assigned. The tutorial for RBAC shows how to define your roles and assign them to users. What it doesn't tell you is where to populate the files. Read up about data migrations; that is where I populated mine.
These are not default users but default roles. You should read about RBAC.
It depends on how deep you plan to go with your site security. If you are just trying to grant access to specific users from that default users array, you can just configure them through the accessRules method and use the users configuration.
Otherwise, if you actually want a comprehensive role system, you will want to look into RBAC as #oroshnivskyy suggested.
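The answers point at RBAC plus a migration; as an added example (not code from the answers), here is a Yii 1 migration that creates the `admin` role under CDbAuthManager and assigns it to the default admin user, so the Gii rule with `'roles' => array('admin')` starts matching. It assumes `authManager` is configured as CDbAuthManager with its tables created, and that the default UserIdentity uses the username as the user id (which CUserIdentity::getId() does).

```php
<?php
// Added example, not from the answers above: a Yii 1 migration that creates the 'admin' role
// and assigns it to the default admin user. Assumes authManager is CDbAuthManager with the
// AuthItem/AuthItemChild/AuthAssignment tables present, and that the default UserIdentity
// returns the username as the user id, so 'admin' is the id that checkAccess() looks up.
class m150101_000000_rbac_admin_role extends CDbMigration
{
    public function safeUp()
    {
        $auth = Yii::app()->authManager;

        // An operation is one concrete permission; a role is a named bundle of them.
        $auth->createOperation('deletePost', 'Delete a post');
        $admin = $auth->createRole('admin', 'Full administrator');
        $admin->addChild('deletePost');

        // Tie the role to a user id. With the default UserIdentity the id is the username.
        $auth->assign('admin', 'admin');
        $auth->save(); // no-op for CDbAuthManager; needed if you switch to CPhpAuthManager
    }

    public function safeDown()
    {
        $auth = Yii::app()->authManager;
        $auth->revoke('admin', 'admin');
        $auth->removeAuthItem('admin');
        $auth->removeAuthItem('deletePost');
    }
}

// The Gii-generated rule then works as written, because it names a role, not a user:
// array('allow', 'actions' => array('delete'), 'roles' => array('admin')),
```

The demo user keeps getting 403 on delete, which is the intended outcome: it has no assignment, and the final `deny` rule Gii generates catches everyone the earlier rules did not allow.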
I installed FOSUserBundle and I would like to add an additional role, such as ROLE_NEW. In sfGuardUser I just had to do
$this->getUser()->addCredential('new');
in an action, and here?
Besides, how can I (admin) manage all (first of all manage ROLES) users? In sfGuardUser I had generated default admin page, and here?
By default FOSUserBundle manages roles as an array, but you can use the concept of "Groups" for this purpose.
Read the docs: https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/groups.md
And read some discussions about the advantages and disadvantages:
FOS bundle - How to select users with a specific role?