
symfony2 FOSUserBundle detach the role from the user

I have an application where a user can be linked to several companies. The manyToMany relationship with the company is a distinguished entity called Associate.

I'd like to give this Associate entity the exact same role functionality as my FOSUserBundle User entity has. Important: if a user has a role_manager for one company, he should not be given the rights to access specific features of another company he also belongs to.

Is there a clean way to do this? I'd like to check for instance if $this->getUser()->getAssociate()->hasRole('ROLE_MANAGER') is true.

What if I give a role array to my entity Associate? I've read it's not secure enough? Why? What could someone do to break that security if anyway my users have to pass through FOS security login checks?

I've found an article where using a voter is suggested. But I don't want to filter routes, I really want to check the condition against the link between a user and a company, so if a voter is the solution, how would I use it?

EDIT: if a better solution not involving roles or with different logic exists, I am interested in learning about it!!

So in my case, one user can actually only be linked to a maximum of 4 companies, each of a different kind defined by its category.

The official doc would suggest using ACL, defining a role for every company, or storing the data in the entity; cf. the first paragraphs of: http://symfony.com/doc/current/cookbook/security/acl.html

I used a combination of roles and business logic. I've created roles for every type of company and since one user can only have one company per type, I just had to check for the type and the role-manager associated to the type.

See my voter here: symfony2 call is_granted in voter : how to avoid an infinite loop?
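
The per-company check the question asks for, as an added example that is not part of the original post or of FOSUserBundle: plain PHP with hypothetical Company, Associate and User classes and a hypothetical isGrantedFor() method, where the role lives on the Associate link and is only honoured for the company being accessed. In a Symfony application the same comparison would sit inside a voter that receives the company as its subject.

```php
<?php
// Added example; every class and method name is hypothetical.
class Company
{
    public $id;
    public function __construct($id) { $this->id = $id; }
}

// Link entity between a user and ONE company, carrying its own roles.
class Associate
{
    private $company;
    private $roles;

    public function __construct(Company $company, array $roles)
    {
        $this->company = $company;
        $this->roles = $roles;
    }

    public function getCompany() { return $this->company; }
    public function hasRole($role) { return in_array($role, $this->roles, true); }
}

class User
{
    private $associates = array();
    public function addAssociate(Associate $a) { $this->associates[] = $a; }

    // Deny by default: only a role on the Associate for this company counts.
    public function isGrantedFor($role, Company $company)
    {
        foreach ($this->associates as $associate) {
            if ($associate->getCompany()->id === $company->id) {
                return $associate->hasRole($role);
            }
        }
        return false; // no link to this company
    }
}

// Constructed sample data: manager of company 1, plain member of company 2.
$user = new User();
$user->addAssociate(new Associate(new Company(1), array('ROLE_MANAGER')));
$user->addAssociate(new Associate(new Company(2), array('ROLE_MEMBER')));

var_dump($user->isGrantedFor('ROLE_MANAGER', new Company(1))); // company where the role was granted
var_dump($user->isGrantedFor('ROLE_MANAGER', new Company(2))); // linked, but holds another role
var_dump($user->isGrantedFor('ROLE_MANAGER', new Company(3))); // no Associate link
```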
