2017 © Pedro Peláez
 

library security-voter-generator-bundle

Symfony HshnSecurityVoterGeneratorBundle

image

hshn/security-voter-generator-bundle

Symfony HshnSecurityVoterGeneratorBundle

  • Saturday, December 13, 2014
  • by hshn
  • Repository
  • 1 Watchers
  • 0 Stars
  • 287 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 1 Versions
  • 0 % Grown

The README.md

HshnSecurityVoterGeneratorBundle

Build Status Latest Stable Version Total Downloads Latest Unstable Version License, (*1)

This bundle provides the way to define definition of simple security voters for symfony, (*2)

Installation

Step 1: Download HshnSecurityVoterGeneratorBundle using composer

$ php composer.phar require hshh/security-voter-generator-bundle:dev-master

Step 2: Enable the bundle

<?php
// app/AppKernel.php

public function registerBundles()
{
    $bundles = array(
        // ...
        new \Hshn\ClassMatcherBundle\HshnClassMatcherBundle(),
        new \Hshn\SecurityVoterGeneratorBundle\HshnSecurityVoterGeneratorBundle(),
    );
}

Step 3: Configure the HshnSecurityVoterGeneratorBundle

# app/config/config.yml

hshn_class_matcher:
    matchers:
        post: { equals: AcmeBundle\Entity\Post }

hshn_security_voter_generator:
    voters:
        voter_1:
            attributes: [OWNER]
            class_matcher: post
            expression: 'user === object.getUser()'
        voter_2:
            attributes: [OWNER]
            class_matcher: post
            property_path:
                token:  user
                object: user # It means '$token.getUser() === $object.getUser()'

Step 4: Add some authorization checking

<?php
// controller/FooController.php

/**
 * without any extra bundles
 */
public function bar1Action(AcmeBundle\Entity\Post $post)
{
    // symfony 2.5
    if (!$this->get('security.context')->isGranted('OWNER', $post)) {
        throw $this->createNotFoundException();
    }

    // symfony 2.6+
    if (!$this->get('security.authorization_checker')->isGranted('OWNER', $post)) {
        throw $this->createNotFoundException();
    }
}

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;

/**
 * with SensioFrameworkExtraBundle
 *
 * @Security("is_granted('OWNER', post)")
 */
public function bar2Action(AcmeBundle\Entity\Post $post)
{
}

use JMS\SecurityExtraBundle\Annotation\SecureParam;

/**
 * with JMSSecurityExtraBundle
 *
 * @SecureParam(name="post", permissions="OWNER")
 */
public function bar3Action(AcmeBundle\Entity\Post $post)
{
}

The Versions

13/12 2014