tourze / doctrine-row-permission-bundle
Doctrine Row Permission Bundle
Installs: 0
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type: symfony-bundle
pkg:composer/tourze/doctrine-row-permission-bundle
Requires
- php: ^8.1
- ext-hash: *
- doctrine/common: ^3.5
- doctrine/dbal: ^4.0
- doctrine/doctrine-bundle: ^2.13
- doctrine/orm: ^3.0
- doctrine/persistence: ^3.1 || ^4
- psr/cache: ^2.0 || ^3.0
- psr/log: ^3|^2|^1
- symfony/config: ^6.4
- symfony/console: ^6.4
- symfony/dependency-injection: ^6.4
- symfony/doctrine-bridge: ^6.4
- symfony/framework-bundle: ^6.4
- symfony/http-kernel: ^6.4
- symfony/security-core: ^6.4
- symfony/yaml: ^6.4 || ^7.1
- tourze/doctrine-indexed-bundle: 0.0.*
- tourze/doctrine-snowflake-bundle: 0.1.*
- tourze/doctrine-timestamp-bundle: 0.0.*
- tourze/doctrine-track-bundle: 0.1.*
- tourze/doctrine-user-bundle: 0.0.*
- tourze/easy-admin-attribute: 0.1.*
Requires (Dev)
- phpstan/phpstan: ^2.1
- phpunit/phpunit: ^10.0
This package is auto-updated.
Last update: 2025-11-01 19:14:43 UTC
README
A Symfony bundle that provides a row-level permission control system based on Doctrine ORM. It complements RBAC permission systems with precise data access control at the entity level.
Features
- Row-Level Security - Control access to specific entity instances
- Multiple Permission Types - Support view, edit, delete operations
- Explicit Deny - Support for explicit access denial with highest priority
- Query Integration - Doctrine QueryBuilder integration for filtered queries
- Performance Cache - Built-in caching for improved permission checking
- Batch Operations - Efficient batch permission management
Installation
Requirements
- PHP 8.1+
- Symfony 7.3+
- Doctrine ORM 3.0+
Install via Composer
composer require tourze/doctrine-row-permission-bundle
Register Bundle
Add to config/bundles.php:
return [
    // ...
    Tourze\DoctrineRowPermissionBundle\DoctrineRowPermissionBundle::class => ['all' => true],
];
Quick Start
Basic Permission Management
<?php

use App\Entity\Product; // application entity (namespace assumed)
use App\Entity\User;    // application user entity (namespace assumed)
use Tourze\DoctrineRowPermissionBundle\Interface\PermissionConstantInterface;
use Tourze\DoctrineRowPermissionBundle\Interface\RowPermissionInterface;

class ProductService
{
    public function __construct(
        private RowPermissionInterface $permissionService
    ) {}

    // Grant single entity permission
    public function grantUserAccess(User $user, Product $product): void
    {
        $this->permissionService->grantPermission($user, $product, [
            PermissionConstantInterface::VIEW => true,
            PermissionConstantInterface::EDIT => false,
        ]);
    }

    // Check permission
    public function canUserViewProduct(User $user, Product $product): bool
    {
        return $this->permissionService->hasPermission(
            $user,
            $product,
            PermissionConstantInterface::VIEW
        );
    }
}
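To enforce the same check wherever the application already calls isGranted(), the row permission service can sit behind a Symfony voter. This is an added example, not code from the bundle; the App\Security namespace, the App\Entity\Product entity and the ProductRowVoter name are assumptions, and it relies only on the hasPermission() call shown above.

```php
<?php
// Added example, not part of the bundle. App\Entity\Product and
// ProductRowVoter are assumed names for the application's own classes.
namespace App\Security;

use App\Entity\Product;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Tourze\DoctrineRowPermissionBundle\Interface\PermissionConstantInterface;
use Tourze\DoctrineRowPermissionBundle\Interface\RowPermissionInterface;

final class ProductRowVoter extends Voter
{
    // DENY is left out on purpose: it is a rule stored against a row,
    // not an action a caller can ask to perform.
    private const SUPPORTED = [
        PermissionConstantInterface::VIEW,
        PermissionConstantInterface::EDIT,
        PermissionConstantInterface::UNLINK,
    ];

    public function __construct(
        private RowPermissionInterface $permissionService
    ) {}

    protected function supports(string $attribute, mixed $subject): bool
    {
        // Only vote on Product rows and on the three row-level actions.
        return $subject instanceof Product
            && in_array($attribute, self::SUPPORTED, true);
    }

    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();
        if ($user === null) {
            return false; // fail closed for unauthenticated requests
        }

        return $this->permissionService->hasPermission($user, $subject, $attribute);
    }
}
```

A controller can then call `$this->denyAccessUnlessGranted(PermissionConstantInterface::EDIT, $product)` so that the role check and the row check run through the same access decision.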
Query Integration
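<?php

use App\Entity\Product; // application entity (namespace assumed)
use App\Entity\User;    // application user entity (namespace assumed)
use Doctrine\ORM\EntityManagerInterface;
use Doctrine\ORM\EntityRepository;
use Tourze\DoctrineRowPermissionBundle\Interface\PermissionConstantInterface;
use Tourze\DoctrineRowPermissionBundle\Interface\RowPermissionInterface;

class ProductRepository extends EntityRepository
{
    public function __construct(
        EntityManagerInterface $em,
        private RowPermissionInterface $permissionService
    ) {
        // EntityRepository needs the entity manager and class metadata
        parent::__construct($em, $em->getClassMetadata(Product::class));
    }

    public function findUserAccessibleProducts(User $user): array
    {
        $qb = $this->createQueryBuilder('p');

        // Apply permission filters
        $conditions = $this->permissionService->getQueryConditions(
            Product::class,
            'p',
            $user,
            [PermissionConstantInterface::VIEW]
        );

        foreach ($conditions as [$operator, $condition, $parameters]) {
            $qb->andWhere($condition);
            // Bind values as parameters, never by string concatenation
            foreach ($parameters as $name => $value) {
                $qb->setParameter($name, $value);
            }
        }

        return $qb->getQuery()->getResult();
    }
}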
Batch Operations
<?php

// Grant permissions to multiple entities at once
$this->permissionService->grantBatchPermissions($user, $products, [
    PermissionConstantInterface::VIEW => true,
]);
Configuration
Cache Setup
Configure cache for better performance:
# config/services.yaml
services:
    Tourze\DoctrineRowPermissionBundle\Service\SecurityService:
        arguments:
            $cache: '@cache.app'
Custom Permission Logic
Implement custom permission logic:
<?php

use Symfony\Component\Security\Core\User\UserInterface;
use Tourze\DoctrineRowPermissionBundle\Interface\RowPermissionInterface;

class CustomPermissionService implements RowPermissionInterface
{
    public function hasPermission(?UserInterface $user, object $entity, string $permission): bool
    {
        // Custom logic here; deny until it decides otherwise
        return false;
    }

    // Implement other interface methods...
}
Permission Types
Available permission constants:
- PermissionConstantInterface::VIEW - View permission
- PermissionConstantInterface::EDIT - Edit permission
- PermissionConstantInterface::UNLINK - Delete/unlink permission
- PermissionConstantInterface::DENY - Explicit deny (highest priority)
Security
This bundle implements row-level security (RLS) patterns. Security considerations:
- Always validate user input before granting permissions
- Use explicit deny for sensitive operations
- Cache permission checks appropriately
- Regularly audit permission assignments
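The explicit-deny and caching points above interact: a cached "allowed" decision must not outlive a later deny. The following is an added example, not the bundle's implementation; RowPermissionModel is a hypothetical in-memory model that assumes deny-overrides and default-deny semantics, and the string keys 'view', 'edit' and 'deny' are constructed stand-ins for the bundle's constants.

```php
<?php
declare(strict_types=1);
// Added illustration: an in-memory model, not the bundle's implementation.
// Assumed semantics: deny overrides any grant; no row means no access.
final class RowPermissionModel
{
    /** @var array<string, array<string, bool>> flags per "user|class|id" row */
    private array $rows = [];
    /** @var array<string, bool> cached decisions per "row|permission" */
    private array $cache = [];

    public function grant(string $user, string $class, string $id, array $flags): void
    {
        $row = "$user|$class|$id";
        $this->rows[$row] = array_merge($this->rows[$row] ?? [], $flags);
        // Drop every cached decision for this row so a new deny takes effect at once.
        foreach (array_keys($this->cache) as $key) {
            if (str_starts_with($key, "$row|")) {
                unset($this->cache[$key]);
            }
        }
    }

    public function has(string $user, string $class, string $id, string $permission): bool
    {
        $row = "$user|$class|$id";
        $key = "$row|$permission";
        if (array_key_exists($key, $this->cache)) {
            return $this->cache[$key];
        }
        $flags = $this->rows[$row] ?? [];              // missing row: default deny
        $denied = ($flags['deny'] ?? false) === true;  // explicit deny wins
        $granted = ($flags[$permission] ?? false) === true;
        return $this->cache[$key] = !$denied && $granted;
    }
}

// Constructed sample data; the string keys stand in for the bundle's constants.
$model = new RowPermissionModel();
$model->grant('alice', 'Product', '42', ['view' => true, 'edit' => false]);
$checks = [
    'granted view'       => $model->has('alice', 'Product', '42', 'view') === true,
    'edit flag is false' => $model->has('alice', 'Product', '42', 'edit') === false,
    'no row for bob'     => $model->has('bob', 'Product', '42', 'view') === false,
];
$model->grant('alice', 'Product', '42', ['deny' => true]); // view was cached as allowed
$checks['deny beats cached grant'] = $model->has('alice', 'Product', '42', 'view') === false;
foreach ($checks as $label => $ok) {
    echo ($ok ? 'ok   ' : 'FAIL ') . $label . PHP_EOL;
}
```

With a shared cache such as `cache.app`, the same rule applies across processes: every grant, revoke or deny has to invalidate the affected keys, or the entry lifetime bounds how long a revoked permission stays usable.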
Contributing
We welcome contributions! Please follow these steps:
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
Development
# Install dependencies
composer install

# Run tests (from monorepo root)
./vendor/bin/phpunit packages/doctrine-row-permission-bundle/tests

# Run static analysis (from monorepo root)
./vendor/bin/phpstan analyse packages/doctrine-row-permission-bundle

# Run package checks (from monorepo root)
bin/console app:check-packages doctrine-row-permission-bundle
License
The MIT License (MIT). Please see License File for more information.