a5sys/acl-doctrine-filter-bundle

Installs: 1 480

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 4

Forks: 1

Open Issues: 0

Type:symfony-bundle

2.0.0 2022-02-08 10:32 UTC

This package is auto-updated.

Last update: 2025-01-08 17:01:20 UTC


README

Deprecated in favor of https://www.doctrine-project.org/projects/doctrine-orm/en/2.8/reference/filters.html

AclDoctrineFilterBundle

This bundles allow to filter doctrine entities automatically

Installation

Composer

composer require "a5sys/acl-doctrine-filter-bundle"

Activate the bundle

In your AppKernel, add the bundle:

new A5sys\AclDoctrineFilterBundle\AclDoctrineFilterBundle(),

Configuration

Add the doctrine filter configuration to your config.yml

doctrine:
    orm:
        filters:
            acl:
                class: 'A5sys\AclDoctrineFilterBundle\Filter\AclFilter'
                enabled: true

You can also disable the ACL for some roles:

acl_doctrine_filter:
	    no_acl_roles:
	        - "ROLE_ADMIN" #mandatory list of user roles that does not have acl

Usage

Guess you have 3 entities:

  • User
  • UserProject (link between user and project, it is our acl)
  • Project

In your code, if you do:

	$projectRepository->findAll();

You will get all projects without any ACL

Modify the Project.php entity, add the AclAnnotation:

namespace AppBundle\Entity;

** use A5sys\AclDoctrineFilterBundle\Annotation\AclAnnotation;** use Doctrine\ORM\Mapping as ORM;

/**
 * @ORM\Table(name="project")
 * @ORM\Entity
 * @AclAnnotation(aclSql="##TABLEALIAS##.id in (select distinct project.id from project inner join user_project ON user_project.project_id = project.id where user_project.user_id = ##USERID##)")
 */
class Project
{
....

and automatically, the sql of the annotation will be appended to all SQL queries and no forbidden entities will ever be retrieved.

You do the same for all entities you want to protect with ACL.

Reserved keyword

##TABLEALIAS##

This keyword will be automatically replaced par the table alias generated by the DQL

##USERID##

This keyword will be automatically replaced par the id of the logged user