Best practice to verify if a user is ADMIN

This topic contains 2 replies, has 2 voices, and was last updated by Rodolfo 9 years, 1 month ago.

Starting from March 1, 2020 the forum has been switched to the read-only mode. Please head to StackOverflow for support.

Creator
Topic

March 13, 2015 at 11:54 am #35491

Rodolfo

Participant

Hi there!

I’m creating a feature here that the user will be able to modify a custom value. I got this solution from Symfony code methods.. but I’m not sure if this is the best way to do this in OroCRM. What do you guys think? Can I use this or there is a better solution?

Thank you!


$user = $this->getUser();
if ($entity->getId() != $user->getId() ){
   if (false === $this->get("security.context")->isGranted("ROLE_ADMINISTRATOR")) {
        throw new AccessDeniedException();
    }
}

$user = $this->getUser();

if ($entity->getId() != $user->getId() ){

if (false === $this->get("security.context")->isGranted("ROLE_ADMINISTRATOR")) {

throw new AccessDeniedException();

}

Reference:
http://symfony.com/doc/current/book/security.html#securing-controllers-and-other-code

Creator
Topic

Viewing 2 replies - 1 through 2 (of 2 total)

Author
Replies
March 13, 2015 at 1:49 pm #35492

Dima Soroka
Keymaster
Hi Rodolfo
I would recommend to introduce an ACL resource for this purpose and assign the permission to proper role.
What is your use case for admin role verification?
March 16, 2015 at 6:55 am #35493

Rodolfo
Participant
Hi @dima
I’m creating an extension to provide two-factor-authentication to OroCRM. Only the Admin user or the own user will be able to set up this feature.
I’ll read more about the ACL. Thanks!
Author
Replies

Viewing 2 replies - 1 through 2 (of 2 total)

The forum ‘OroPlatform – Security’ is closed to new topics and replies.

OroPlatform Forums