A user provider reading users from the filesystem.
This is useful when you have an API with just a few different users (different frontends, not end users). Our data comes from elasticsearch for most API calls, so we don't want to block all access just because MySQL has gone away.
As we have a multi server setup, we have a cronjob to trigger the UserProvider::dumpUsers method regularly.
| <?php | |
| namespace Symfony\Cmf\CoreBundle\Listener; | |
| use Doctrine\Common\EventSubscriber; | |
| use Doctrine\Common\Persistence\Event\LifecycleEventArgs; | |
| use Symfony\Cmf\CoreBundle\Cache\CmsInvalidator; | |
| /** | |
| * Doctrine listener to invalidate cached urls on changes. | |
| */ |
| <?php | |
| namespace App; | |
| use Symfony\Component\HttpFoundation\Request; | |
| use Symfony\Component\HttpFoundation\Response; | |
| use Symfony\Component\HttpKernel\HttpKernel; | |
| use Symfony\Component\HttpKernel\HttpKernelInterface; | |
| class AppKernel extends HttpKernel |
| $de_index = 0; | |
| $lastFrench = null; | |
| foreach ($db->query('SELECT * from fluxcms_blogposts order by post_date desc') as $row) { | |
| ... | |
| if ($row['post_lang'] == 'de') { | |
| if ($lastFrench == null) { | |
| $lastFrench = $de_index; | |
| } | |
| $de_index++; |
| class UserAdmin | |
| { | |
| ... | |
| // i inject the security.context into the constructor to have it available | |
| /** | |
| * Alter list query to only see items i created | |
| */ | |
| public function createQuery($context = 'list') | |
| { |
| // match method becomes | |
| public function matchRequest(Request $request) | |
| { | |
| $defaults = $this->nestedMatcher->matchRequest($request); | |
| foreach ($this->enhancers as $enhancer) { | |
| $defaults = $enhancer->enhance($defaults, $request); | |
| } | |
| return $defaults; |
| #!/bin/bash | |
| sudo apt-get install -y --force-yes apache2 | |
| sudo a2enmod actions | |
| sudo a2enmod rewrite | |
| echo "export PATH=/home/vagrant/.phpenv/bin:$PATH" | sudo tee -a /etc/apache2/envvars > /dev/null | |
| echo "$(cat scripts/travis/assets/phpconfig.txt)" | sudo tee /etc/apache2/conf.d/phpconfig > /dev/null | |
| echo "$(cat scripts/travis/assets/vhost.txt)" | sed -e "s,PATH,`pwd`/web,g" | sudo tee /etc/apache2/sites-available/default > /dev/null | |
| echo "date.timezone = UTC" >> `php --ini | grep "Loaded Configuration" | sed -e "s|.*:\s*||"` | |
| sudo service apache2 restart |
| indexes: | |
| projects: | |
| client: default | |
| finder: ~ | |
| types: | |
| github_repository: | |
| mappings: | |
| name: | |
| type: string | |
| index: not_analyzed |
| {% block form %} | |
| {% set url = admin.id(object) is not null ? 'edit' : 'create' %} | |
| {% if not admin.hasRoute(url)%} | |
| <div> | |
| {{ "form_not_available"|trans({}, "SonataAdminBundle") }} | |
| </div> | |
| {% else %} | |
| <form class="form-horizontal" | |
| action="{{ admin.generateUrl(url, {'id': admin.id(object), 'uniqid': admin.uniqid, 'subclass': app.request.get('subclass')}) }}" {{ form_enctype(form) }} |
We needed to decide whether a user loaded from FOSUserBundle is granted a specific role. Because of the role hierarchy, this is not as simple as doing in_array($role, $user->getRoles()). The user model only knows about its roles, not about what other roles those roles grant it.
The only thing that handles this situation that i found is the SecurityContext::isGranted method. But the problem of that is that its a check about the role of the "current" user. We needed this information in a command that generates a file and needs to know which user has permission for a specific role.
The RoleHierarchy service can not do decisions but only explode roles into all roles granted through the tree. The RoleHiararchyVoter is part of the security manager. Both are private service and thus not intended to be reused in application code.
The simplest we could come up with is this code, which we use like this:
$roleHierarchy = $this->getContainer()->get('acme_demo.security.role_hierarchy_checker');