
symfony-bundle accesscontrol-bundle

Bundle to control the user access.

rheck/accesscontrol-bundle

  • Wednesday, June 15, 2016
  • by rheck
  • Repository
  • 1 Watchers
  • 7 Stars
  • 30 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 1 Forks
  • 0 Open issues
  • 1 Versions
  • 0 % Grown

The README.md

Access Control Bundle

This bundle is an easy solution for route access control. You can use the bundle's default strategy or create your own custom one.

How it works

You can install this bundle using Composer:

composer require rheck/accesscontrol-bundle

or add the package to the composer.json file of your Symfony project.

After you have installed the package, you need to add the bundle to your AppKernel.php file:

// in AppKernel::registerBundles()
$bundles = array(
    // ...
    new Rheck\AccessControlBundle\RheckAccessControlbundle(),
    // ...
);

Configuration

If you want to use the default bundle strategy, you must create the permission tables in the database.

1. Doctrine Schema Update Command

php app/console doctrine:schema:update --force

2. Create the tables directly in the database (MySQL example)

CREATE TABLE rheck_permissioncontexts (
    `id` INT AUTO_INCREMENT NOT NULL,
    `name` VARCHAR(255) NOT NULL,
    `label` VARCHAR(255) NOT NULL,
    `description` VARCHAR(255) DEFAULT NULL,
    PRIMARY KEY (id)
) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB;

CREATE TABLE rheck_permissions (
    `id` INT AUTO_INCREMENT NOT NULL,
    `name` VARCHAR(255) NOT NULL,
    `label` VARCHAR(255) NOT NULL,
    `description` VARCHAR(255) DEFAULT NULL,
    `permissionContext_id` INT DEFAULT NULL,
    INDEX IDX_538F31584B364D6E (permissionContext_id),
    PRIMARY KEY (id)
) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB;

3. Entity

The permissions must be related to the user entity, or to another entity that is related to the user who will be logged in, and that entity must implement an interface.

Example:

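use Doctrine\Common\Collections\ArrayCollection;
use Rheck\AccessControlBundle\Entity\PermissionAccessInterface;

class User implements PermissionAccessInterface
{
    // Permissions granted to this user.
    protected $permissions;

    public function __construct()
    {
        $this->permissions = new ArrayCollection();
    }

    // Permission is the bundle's permission entity; add a use statement for it.
    public function addPermission(Permission $permission)
    {
        $this->permissions->add($permission);
    }

    // Returns the collection that the permission check reads.
    public function getPermissions()
    {
        return $this->permissions;
    }
}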

4. config.yml

Example 1: If you want to validate the permissions directly against the user entity, the configuration is:

rheck_access_control:
    has_permissions: user

Example 2: Supposing that I have an entity called UserGroups and it has a ManyToMany relationship with user, the configuration is:

rheck_access_control:
    has_permissions: user.userGroups

Usage

There are two ways to check the permissions.

Both ways take the same 4 fields:

1. Permissions: can be a single parameter or an array;

2. Context: you can group the permissions by a context; the default value is "System";

3. Criteria: you can choose which criteria is used to check the permissions; its value can be "AND" or "OR". The default value is "AND";

4. Strategy: you can create your own validation strategy. An example follows at the end of this file.

1. Validation By Annotation

@PermissionAccess: you need to add the use statement:

use Rheck\AccessControl\Annotation\PermissionAccess;

Example 1 (Using the Default Bundle Strategy):

/**
 * @PermissionAccess("INDEX", context="DASHBOARD")
 */

In the example above, I want to check whether my logged-in user has the permission "INDEX" of context "DASHBOARD". Otherwise, a 403 HTTP error will be thrown.

Example 2 (Using the Default Bundle Strategy):

/**
 * @PermissionAccess({"VIEW", "VIEW_ALL"}, context="PROJECT", criteria="OR")
 */

In the example above, I want to check whether my logged-in user is allowed at least one of the permissions in the array passed to the check. Note: I need just one permission allowed, because the criteria is "OR". If the criteria is "AND", I must be allowed every listed permission.

2. Validation By Twig

As in "1. Validation By Annotation", we have the same parameters, so let's just adapt them for the Twig view:

Example 1 (Like the annotation example 1):

{% if permissionAccess("INDEX", "DASHBOARD") %}
    You have permission to access.
{% else %}
    You do not have permission to access.
{% endif %}

Example 2 (Like the annotation example 2):

{% if permissionAccess(["VIEW", "VIEW_ALL"], "PROJECT", "OR") %}
    You have permission to access.
{% else %}
    You do not have permission to access.
{% endif %}

Creating your own Strategy

To create your own validation strategy, follow the steps below:

1. Create the Strategy file:

<?php

namespace MyNamespace\Strategy;

use Rheck\AccessControlBundle\Strategy\PermissionAccessStrategyInterface;

class CustomStrategy implements PermissionAccessStrategyInterface
{
    public function run($permissions, $context, $criteria)
    {
        // Validate the data as you want.
        $validatedData = true;

        return $validatedData;
    }
}

The run() method must return a boolean value.

2. Register your strategy as service:

After creating the strategy, you must register it as a service, as shown below:

parameters:
    my.custom.strategy.class: MyNamespace\Strategy\CustomStrategy
services:
    my.custom.strategy:
        class: "%my.custom.strategy.class%"

3. Validate the data with your custom strategy:

3.1. Annotation:

/**
 * @PermissionAccess("DETAIL", strategy="my.custom.strategy")
 */

3.2. Twig:

{% if permissionAccess("DETAIL", "SYSTEM", "AND", "my.custom.strategy") %}
   You have access.
{% else %}
   You haven't access.
{% endif %}
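
The "AND"/"OR" criteria described under Usage and the custom strategy steps above, combined into one strategy that denies by default (an added example, not code from the bundle). The interface is redeclared locally with the run() signature shown above so the file runs on its own; GrantTableStrategy and its grant table are hypothetical names filled with constructed sample data.

```php
<?php
// Local stand-in for the bundle's interface; in a project, import the real one instead.
interface PermissionAccessStrategyInterface
{
    public function run($permissions, $context, $criteria);
}

// Hypothetical strategy that checks requested permissions against a fixed grant table.
final class GrantTableStrategy implements PermissionAccessStrategyInterface
{
    private $grants; // context name => list of granted permission names

    public function __construct(array $grants)
    {
        $this->grants = $grants;
    }

    public function run($permissions, $context, $criteria)
    {
        // Accept a single name or an array, as the annotation and Twig function do.
        $required = array_values(array_unique((array) $permissions));
        $criteria = strtoupper((string) $criteria);

        // Fail closed: an empty request, a non-string context or an unknown
        // criteria never grants access.
        if ($required === [] || !is_string($context)
            || !in_array($criteria, ['AND', 'OR'], true)) {
            return false;
        }

        $granted = isset($this->grants[$context]) ? $this->grants[$context] : [];
        $matched = count(array_intersect($required, $granted));

        // AND needs every requested permission, OR needs at least one.
        return $criteria === 'AND' ? $matched === count($required) : $matched > 0;
    }
}

// Constructed sample grants for one user.
$strategy = new GrantTableStrategy(['DASHBOARD' => ['INDEX'], 'PROJECT' => ['VIEW']]);

var_dump($strategy->run('INDEX', 'DASHBOARD', 'AND'));            // single permission
var_dump($strategy->run(['VIEW', 'VIEW_ALL'], 'PROJECT', 'OR'));  // any one of the list
var_dump($strategy->run(['VIEW', 'VIEW_ALL'], 'PROJECT', 'AND')); // every one of the list
var_dump($strategy->run('VIEW', 'PROJECT', 'XOR'));               // unsupported criteria
var_dump($strategy->run([], 'PROJECT', 'OR'));                    // nothing requested
```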

The Versions

15/06 2016

dev-master

9999999-dev https://github.com/rheck/accesscontrol-bundle

MIT

The Requires

 

The Development Requires

by Ricardo Heck

authorization annotations access permission