This article is part of a series of articles about customizing EasyAdmin within Symfony. You can find the list of related articles, and the context of the series, in this article: Symfony & EasyAdmin – space for extra functionalities

As a first update of the Admin, let's tackle the least original topic of all: handling Users. Not every logged-in user should be able to update other users; in fact, none of them should be allowed to do anything to users at all, so let's restrict the possible actions on our Users to the Admins of the application.

Impacted functionalities

The functionality shown here is how to tighten the security of specific actions in EasyAdmin.
In particular, we want to restrict their use through Permissions.

Restrictions, you said???

Concretely

Let's start at the beginning. In the base configuration, a CRUD controller is set up for each Entity we want to handle in the system, so let's dive into the UserCrudController already set up in our application:

<?php
//src/Controller/EasyAdmin/UserCrudController.php

namespace App\Controller\EasyAdmin;

use App\Entity\User;
use App\Security\UserRoles; // assumed location of the UserRoles class
use EasyCorp\Bundle\EasyAdminBundle\Controller\AbstractCrudController;
use EasyCorp\Bundle\EasyAdminBundle\Field\AvatarField;
use EasyCorp\Bundle\EasyAdminBundle\Field\ChoiceField;
use EasyCorp\Bundle\EasyAdminBundle\Field\EmailField;
use EasyCorp\Bundle\EasyAdminBundle\Field\IdField;
use EasyCorp\Bundle\EasyAdminBundle\Field\TextField;

class UserCrudController extends AbstractCrudController
{
    public static function getEntityFqcn(): string
    {
        return User::class; //(1) links this CRUD controller to the User entity
    }

    public function configureFields(string $pageName): iterable //(2) fields shown in the Index, Show, New and Edit views
    {
        yield IdField::new('id')->onlyOnDetail();
        yield AvatarField::new('email')->setIsGravatarEmail()->hideOnForm();
        yield TextField::new('fullName');
        yield TextField::new('username');
        yield EmailField::new('email');
        yield ChoiceField::new('roles')
            ->setChoices(UserRoles::getAllRoles())
        ;
    }
}

This is a simple class, linking this CRUD controller to the User Entity (1) and defining the fields (2) used for display in the different views of EasyAdmin (Index, Show, New & Update).

Let’s change some actions

Which actions

In EasyAdmin, 4 CRUD actions are defined by default:

  1. Index : lists all the instances of the linked entity
  2. Show : displays one particular entity
  3. New : creates a new entity (this opens a form)
  4. Edit : updates an existing entity (this also opens a form)

The action names used in the configuration are defined as constants in the Action class.

How to

To change the behaviour of the actions, EasyAdmin provides a useful method in its AbstractCrudController, named:

configureActions(Actions $actions): Actions

This small method, which takes a set of Actions as parameter and returns a set of Actions, lets you modify the actions defined for that CRUD controller.

Let’s see what we did to it here:

//src/Controller/EasyAdmin/UserCrudController.php
// Additional imports needed at the top of the file:
// use App\Security\UserVoter;
// use EasyCorp\Bundle\EasyAdminBundle\Config\Action;
// use EasyCorp\Bundle\EasyAdminBundle\Config\Actions;

    public function configureActions(Actions $actions): Actions
    {
        // Keep EasyAdmin's default set of actions, then restrict it
        $actions = parent::configureActions($actions);

        $actions
            // Set the permissions for more than one action at a time ==> overwrites ALL the existing permissions
            ->setPermissions([
                Action::EDIT => UserVoter::EDIT, // Use of a standard Symfony Voter
                Action::DELETE => UserRoles::ROLE_ADMIN, // Use of a global Symfony Role
            ])
            // Set the permission of one single action
            // (must come AFTER setPermissions, because setPermissions - above - overwrites everything)
            ->setPermission(Action::NEW, UserRoles::ROLE_ADMIN)
        ;

        return $actions;
    }

So, several changes are made here, because we have several ways to set the Permissions.

One or several, you choose!

2 options are offered:
– modifying the permissions of one action at a time:

setPermission(string $actionName, string $permission)

– modifying the permissions of all actions at once:

setPermissions([$actionName => $permission, ...])

IMPORTANT : setPermissions completely replaces the Permissions of all the actions, so it must be called first when used together with the single-action setPermission.
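To make the ordering rule concrete, here is an added example (not code from the article's repository) that puts the wrong order next to the correct one, and a third variant that avoids the question altogether. It assumes the UserRoles and UserVoter classes the article refers to, in an assumed App\Security namespace, and that the Actions passed in already carry EasyAdmin's defaults.

```php
<?php
// Added example, not from the article's repository.
// Assumptions: App\Security\UserRoles and App\Security\UserVoter exist as the article describes.

namespace App\Controller\EasyAdmin;

use App\Security\UserRoles;
use App\Security\UserVoter;
use EasyCorp\Bundle\EasyAdminBundle\Config\Action;
use EasyCorp\Bundle\EasyAdminBundle\Config\Actions;

/**
 * WRONG order: the NEW restriction is registered first and then wiped out by
 * setPermissions(), which replaces the whole permission map. NEW ends up with no
 * permission at all, so anyone who can open the dashboard may create user accounts.
 */
function configureUserActionsWrong(Actions $actions): Actions
{
    return $actions
        ->setPermission(Action::NEW, UserRoles::ROLE_ADMIN) // silently discarded by the next call
        ->setPermissions([
            Action::EDIT => UserVoter::EDIT,
            Action::DELETE => UserRoles::ROLE_ADMIN,
        ]);
}

/**
 * CORRECT order: the bulk replacement first, the single-action additions afterwards.
 * NEW, EDIT and DELETE are all restricted.
 */
function configureUserActionsCorrect(Actions $actions): Actions
{
    return $actions
        ->setPermissions([
            Action::EDIT => UserVoter::EDIT,
            Action::DELETE => UserRoles::ROLE_ADMIN,
        ])
        ->setPermission(Action::NEW, UserRoles::ROLE_ADMIN);
}

/**
 * ROBUST alternative: one map listing every action you intend to restrict,
 * so there is no call order to get wrong and the full policy is visible in one place.
 */
function configureUserActionsSingleMap(Actions $actions): Actions
{
    return $actions->setPermissions([
        Action::NEW => UserRoles::ROLE_ADMIN,
        Action::EDIT => UserVoter::EDIT,
        Action::DELETE => UserRoles::ROLE_ADMIN,
    ]);
}
```

The single-map variant is the one to prefer when the permission set grows: a reviewer can see at a glance which actions are restricted and which are left open, which is exactly what gets lost when a setPermission call is silently overwritten.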

What Permissions ?

EasyAdmin is fully integrated with the Symfony ecosystem, so we can use the standard Access Control of the framework.

Above, we use 2 different ways:

  1. using the ROLES of a User. In my application, I've defined the list of the Roles in a UserRoles class (not yet 8.1 – so no Enums yet ;-)).
    Here, I'm using the admin role, used throughout the application, which will trigger the standard voter (used below on the New action):
    setPermission(Action::NEW, UserRoles::ROLE_ADMIN)
  2. You can also use a custom Symfony Voter, like the following in the setPermissions above for the Edit action:
    setPermissions([Action::EDIT => UserVoter::EDIT, ...])

With those additions, the restricted CRUD actions will only be shown to Admin users and not to the others.
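The article references UserVoter::EDIT without showing the voter itself. Below is an added example of such a voter (not code from the article's repository) that grants the Edit action to Admins only, matching the article's policy. The path, the namespace and the attribute value 'USER_EDIT' are assumptions; UserRoles::ROLE_ADMIN is the constant the article refers to, assumed here to live in the same App\Security namespace.

```php
<?php
// src/Security/UserVoter.php  (assumed path and namespace)
// Added example, not from the article's repository.

namespace App\Security;

use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

/**
 * Voter behind the UserVoter::EDIT attribute used in configureActions().
 *
 * When EasyAdmin checks the Edit action it asks the security component whether
 * UserVoter::EDIT is granted on the User entity of the row being edited, so
 * $subject below is that target User, not the logged-in user.
 */
final class UserVoter extends Voter
{
    public const EDIT = 'USER_EDIT'; // assumed attribute value

    public function __construct(
        private AccessDecisionManagerInterface $accessDecisionManager,
    ) {
    }

    protected function supports(string $attribute, $subject): bool
    {
        // Only vote on our own attribute applied to a User; abstain on anything else
        return self::EDIT === $attribute && $subject instanceof User;
    }

    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        // No authenticated application User behind the token: deny
        if (!$token->getUser() instanceof User) {
            return false;
        }

        // Delegate the role check to the access decision manager so that the
        // role hierarchy (e.g. a super-admin role that includes ROLE_ADMIN) is honoured.
        // Anything not explicitly granted here is denied.
        return $this->accessDecisionManager->decide($token, [UserRoles::ROLE_ADMIN]);
    }
}
```

With autoconfiguration enabled, Symfony registers any class extending Voter as a security voter, so no extra service configuration is needed. The role check goes through the AccessDecisionManager rather than $token->getRoleNames() on purpose: getRoleNames() returns only the roles stored in the token and ignores role_hierarchy, so an admin whose ROLE_ADMIN is inherited from a higher role would be wrongly denied. The same permission string is evaluated again by EasyAdmin when the edit request itself arrives, not only when the links are rendered, so the voter is enforcement, not just a display filter.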

I hope you enjoyed this first example; the next ones are in progress…

REPOSITORY : the code of this example is available in the branch 01.only_admin_can_update_users
All pictures in this article were made by the author and some can be seen here : Rêveries
