Symfony2中isGranted的替代品

Question

While testing roles in my application I found the function isGranted of the SecurityContext . It works great but now I need to check the roles of a user that is not the current user so isGranted doesn't work for me.

I've been looking and I found the function hasRole of the user, the problem is that this function doesn't look in the hierarchy tree of Symfony and it just looks in the roles assigned to the user.

So, Is there a function that looks for a role of a user looking in the hierarchy tree like isGranted do for the current user?

EDIT

I found this solution:

How to use the AccessDecisionManager in Symfony2 for authorization of arbitrary users?

I implemented it and it works, the problem is that it needs the ContainerBuilder and I would prefer a different approach.

Any Idea?

Answer 1

Basically AFAIK SecurityContext work with Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface from where can fetch current user using getUser method.

If user token is not authenticated then isGranted trying authenticate user token first and then use class called AccessDecisionManager which basically iterate over voters objects and call them (and can use different strategies for that) One of called voters is RoleHierarchyVoter which use Symfony\\Component\\Security\\Core\\Role\\RoleHierarchy .

So answer to your question:

I think that is no such function like isGranted for other users (or do not know about any), but you can write own service which allow to that using security.role_hierarchy (just notice that is private service).

BTW hasRole probably should be sufficient most of the time, so maybe you should think about what do you want to do ;)