ACL implementation in symfony2

Question

Am new to symfony and need to work on ACL part I Need to built the ACl in my project, which can be explained with below table

Users/Access    User_List_View  User_Create User_Edit   User_Delete User_Status Edit_ownDetails
Super Admin     Yes             Yes         Yes         Yes         Yes         Yes
Admin           Yes             No          Yes         No          Yes         Yes
Client          No              No          No          No          No          Yes

Role Assign

User    Role
User-A  Super Admin
User-B  Admin
User-C  Client
User-D  Client

I have checked many of the link below
http://symfony-gu.ru/documentation/en/html/cookbook/security/acl.html
https://github.com/Problematic/ProblematicAclManagerBundle
https://www.adayinthelifeof.nl/2012/07/04/symfony2-implementing-acl-rules-in-your-data-fixtures/
http://knpuniversity.com/screencast/question-answer-day/symfony2-users-menu-cms
https://knpuniversity.com/screencast/symfony-voters
http://kriswallsmith.net/page/4
http://problematic.io/2012/03/10/symfony2-bundles-i-cant-live-without/

Most popular what I found was the FOSUserbundle but I need to achieve that writing manually with the role, for the same I also checked the voter which is also a good one but the requirement of my client is that he should even be able to create a custom rights for each of the individual user. So I need to implement the ACL like table structure which should be easy for him to modify at individual level.

For creating a sample i tried to implement the http://symfony.com/doc/current/cookbook/security/acl.html, but from the link I did not clearly understood where to add the role for the user and how to check my grid for the roles and access. The document seems to be very difficult to understand for implementation.

If anyone has achieved this in some or the other way OR using any of the third party library?

Even I have checked the following link in stackoverflow but there is no response which I can use Symfony Acl implementation
How to make advanced ACL in Symfony2? Check if a role is granted for a specific user in Symfony2 ACL https://stackoverflow.com/questions/6915502/symfony2-acl-roles-and-users

Answer 1

Below is the solution, which worked for me.

Before moving ahead you have to follow the steps given in http://symfony.com/doc/current/cookbook/security/acl.html

In the user table add the column as roles, as specified under Role Assign in the question

In your User.php file located at src/AppBundle/Entity/User.php add the get and set method

/**
* Set roles
*
* @param boolean $roles
*
* @return User
*/
public function setRoles($roles)
{
    $this->roles = $roles;    
    return $this;
}

/**
* Get roles
*
* @return boolean
*/
public function getRoles()
{
    return array($this->roles);
}

Now check in above getRoles() I have return an array as symfony has also given a provision that a user can have multiple role, So either you specify an array in role field in your database OR if you specified a single role and than just return an array from your user.php file

Please take care that each of your role prefix with 'ROLE_' like ROLE_ADMIN, ROLE_USER etc.

with the above things we have specified ROLE against each user.

Now in your security.yml specify the access control

security:
    encoders:
        AppBundle\Entity\User:
            algorithm: bcrypt

    acl:
        connection: default

    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        our_db_provider:
            entity:
                class: AppBundle:User
                property: username
                # if you're using multiple entity managers
                # manager_name: customer
        in_memory:
            memory: ~

    firewalls:
        default:
            pattern:    ^/
            http_basic: ~
            provider: our_db_provider
            anonymous: ~
            #http_basic: ~
            form_login:
                login_path: /login
                check_path: /login_check

    access_control:
        # require ROLE_ADMIN for /admin*
        - { path: ^/admin, roles: ROLE_ADMIN }