Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding FrameWork Symfony How can I check other users or role permissions in the template? symfony2

Thread Rating:
  • 732 Vote(s) - 3.5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
How can I check other users or role permissions in the template? symfony2

Offline pentagon936


Valued member
***
Valued member
Posts: 1
Threads: 1
Joined: Apr 2020
Reputation: 0
Level: 1 [Level]
Total Points: 0
Rank 0 / 1
99% to upload Level
Rank
Activity 0 / 1
99% to upload your Rank
Activity
Experience 1
99% to upload Experience
Experience

Points: 50
#1
08-06-2023, 04:32 PM
I'm building this user manager, where admins can change permission of a group or user. I don't want to use the FOS user bundle, because I want to customize alot.

I found out I can give permissions to another user in the controller, but how can I read the permissions of another user/role? And is it possible to read these permissions of another user/role in the template?

The Ideal way I would like to do this is:
(a page to view users in a group and the permissons)

1 Get all objects and users in the controller

2 Print the users and objects in the template. Next to the objects, print the permissions this group has: VIEW EDIT DELETE OWNER..

And the same for a user(not the current), I want to be able to check the permission of a user(not the current) in the template. On a given object/class..

I know how to check if a user has a role/group, but I want to know what permissions the group/user has, like EDIT VIEW DELETE etc. with ACL.


How can I achieve this ?
Reply

Offline Sirprelude128


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Oct 2019
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
08-06-2023, 04:50 PM
You can check if the current user has a role by twig by using the function [`is_granted`](

[To see links please register here]

)

{% if is_granted('ROLE_USER') %}
{{ app.user.username }}
{% endif %}

Getting the current users roles array in twig:

{{ app.user.roles }}

If you are wanting to display from a collection of users, you can do something like this (assuming collection passed as users)

{% for user in users %}
<p>
{{ user.username }}:
{% for role in user.roles %}
{{ role }}
{% endfor %}
</p>
{% endfor %}

Reply

Offline Sirvelvety5


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Apr 2020
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#3
08-06-2023, 05:09 PM
I finally found a way to do this, its probably not the most efficient way of doing this but it works and is the only way I know of doing this, as no-one knows how to achieve this till now.

First I have a default user for every group, who cannot log in( a dummy user with the default permissions for the group ) - I get the Security ID for the default user:

$defaultUser = $this->getDoctrine()
->getRepository('TdfUserBundle:User')
->findOneByUsername('-default-'.$group->getCode());

$sid = UserSecurityIdentity::fromAccount($defaultUser);
I create an array of permisisons to check for and set some empty arrays, and load the problematic.acl_manager

$permissionsToCheck = array('VIEW', 'EDIT', 'CREATE', 'DELETE', 'OPERATOR', 'MASTER', 'OWNER');
$aclManager = $this->get('problematic.acl_manager');
Then I loop through the objects that I want to check the permission for, and check the permissions I set before in the $permissionsToCheck var. I check the permissions for the default user. The result is put in a array that I send to the template.

foreach($forumCategories as $forumCategory) :
$permissionArray[] = $this->checkPermissions($sid, $forumCategory, $permissionsToCheck, '');
endforeach;
The checkPermissions function returns an array of the permissions and some stuff I need from the Object given.

private function checkPermissions($sid, $object, $permissionsToCheck, $type)
{
$aclProvider = $this->get('security.acl.provider');
$oid = ObjectIdentity::fromDomainObject($object);
try {
$acl = $aclProvider->createAcl($oid);
}catch(\Exception $e) {
$acl = $aclProvider->findAcl($oid);
}
$aclProvider->updateAcl($acl);
foreach ($permissionsToCheck as $permissionCode):
$permissionVar = 'can'.$permissionCode;
$builder = new MaskBuilder();
$builder->add($permissionCode);
$mask = $builder->get();
try {
$$permissionVar = $acl->isGranted(array($mask),array($sid));
} catch(\Exception $e) {
$$permissionVar = false;
}
$tempPermissionsArray[$permissionCode] = $$permissionVar;
endforeach;

$returnArray = array('id' => $object->getId(),'title' => $object->getTitle(),'slug' => $object->getSlug(),'type' => $type, 'permissions' => $tempPermissionsArray);
return $returnArray;

}
After the POST of the form I check what Object has its permissions changed, If so I loop through all users in the group. For each user,revoke permissions,then get all the groups( default user for the group ). check per group(default user) permission, check what permissions to activate and give the user the correct permissions.

Here I set all permissions to false and then loop through all roles/groups(default users) and see if the permission should be set.

foreach($array['permissions'] as $permissionCode => $test ):
$$permissionCode = false;
endforeach;

foreach($user->getRoles() as $role):
$role = str_replace('ROLE_', '', $role);

$defaultUser = $this->getDoctrine()
->getRepository('TdfUserBundle:User')
->findOneByUsername('-default-'.$role);
$sid = UserSecurityIdentity::fromAccount($defaultUser);


// See all permissions
foreach($array['permissions'] as $permissionCode => $test ):
$builder = new MaskBuilder();
$builder->add($permissionCode);
$mask = $builder->get();
try {
$isGranted = $acl->isGranted(array($mask),array($sid));
if($isGranted):
$$permissionCode = true;
endif;
} catch(\Exception $e) {

}
endforeach;
endforeach;
After this I know what rights the user should have and then give the account all the rights:

$aclManager = $this->get('problematic.acl_manager');

$aclManager->revokeAllObjectPermissions($object, $user);

$mapping = array(
'VIEW' => MaskBuilder::MASK_VIEW,
'EDIT' => MaskBuilder::MASK_EDIT,
'CREATE' => MaskBuilder::MASK_CREATE,
'UNDELETE' => MaskBuilder::MASK_UNDELETE,
'DELETE' => MaskBuilder::MASK_DELETE,
'OPERATOR' => MaskBuilder::MASK_OPERATOR,
'MASTER' => MaskBuilder::MASK_MASTER,
'OWNER' => MaskBuilder::MASK_OWNER,
);
foreach($array['permissions'] as $permissionCode => $test ):
if($$permissionCode):
$mask = $mapping[$permissionCode];
$aclManager->addObjectPermission($object, $mask, $user);
endif;
endforeach;
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
1 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through