Credit: Yannick (Rêveries)

14-04-2022
Custom EasyAdmin – Only Admins can update Users

This article is part of a series of articles about customizing EasyAdmin within Symfony. You can find the list of related articles and their context in this article: Symfony & EasyAdmin – space for extra functionalities. As of April 2025, the project has been updated to Symfony 7.2; please see the changes here: Custom Easy Admin - update to Symfony 7.2

Introduction

As a first update of the Admin, let’s tackle the least original of all: handling Users… Not every logged-in user should be able to update other users; in fact, none of them should be allowed to do anything to any user. So let’s restrict the possible actions on our Users to the Admins of the application.

Impacted functionalities

This article shows how to configure the security of specific actions in EasyAdmin.

Specifically, we want to restrict their use with Permissions.

Concretely

Let’s start at the beginning. As per the base configuration, a CRUDController is set up for each Entity we want to handle in the system, so let’s dive into the UserCrudController already set up in our application:

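// src/Controller/EasyAdmin/UserCrudController.php

use EasyCorp\Bundle\EasyAdminBundle\Controller\AbstractCrudController;
use EasyCorp\Bundle\EasyAdminBundle\Field\AvatarField;
use EasyCorp\Bundle\EasyAdminBundle\Field\ChoiceField;
use EasyCorp\Bundle\EasyAdminBundle\Field\EmailField;
use EasyCorp\Bundle\EasyAdminBundle\Field\IdField;
use EasyCorp\Bundle\EasyAdminBundle\Field\TextField;
// User and UserRoles are the application's own classes; their imports are omitted here

class UserCrudController extends AbstractCrudController
{
    public static function getEntityFqcn(): string
    {
        return User::class; // (1)
    }

    public function configureFields(string $pageName): iterable // (2)
    {
        yield IdField::new('id')->onlyOnDetail();
        yield AvatarField::new('email')->setIsGravatarEmail()->hideOnForm();
        yield TextField::new('fullName');
        yield TextField::new('username');
        yield EmailField::new('email');
        yield ChoiceField::new('roles')
            ->setChoices(UserRoles::getAllRoles())
        ;
    }
}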

This is a simple class, linking this CRUDController to the User Entity (1) and defining some fields (2) to be used for display in the different views of EasyAdmin (Index, Show, New & Update).

Let's change some actions

Which actions?

In EasyAdmin, you have 4 CRUD actions that are defined by default:

  1. Index: to list all the entities
  2. Show: to display the details of an entity
  3. New: to create a new entity (that will trigger a form for the entity)
  4. Edit: to update an entity (that will trigger a form for the entity)

The action names used in the configuration are defined as constants in the class Action.

How to

To update the behaviour of the actions, EasyAdmin provides a useful function in its AbstractCrudController, named configureActions, which lets you define the actions that are available for a specific entity.

This small function takes a set of Actions as a parameter and returns a set of Actions, which lets you update the actions defined in that CRUDController.

Let’s see what we did to it here:

// src/Controller/EasyAdmin/UserCrudController.php
// Needs: use EasyCorp\Bundle\EasyAdminBundle\Config\Action;
//        use EasyCorp\Bundle\EasyAdminBundle\Config\Actions;

public function configureActions(Actions $actions): Actions
{
    $actions = parent::configureActions($actions);

    $actions
        // Set the permissions for more than 1 action at a time ==> overwrites all the existing permissions
        ->setPermissions([
            Action::EDIT => UserVoter::EDIT, // Use of a standard Symfony Voter
            Action::DELETE => UserRoles::ROLE_ADMIN, // Use of a global Symfony Role
        ])
        // Setting the permission uniquely for one single action
        // (can't be used before the setPermissions as setPermissions - above - overwrites everything)
        ->setPermission(Action::NEW, UserRoles::ROLE_ADMIN)
    ;

    return $actions;
}

One or multiple, you can choose!

2 options are offered:

  • either modifying the permission of one action at a time (like we did for the NEW action)

    setPermission(string $actionName, string $permission)

  • or modifying the permissions of all actions at once

    setPermissions([$actionName => $permission, ...])

IMPORTANT: setPermissions completely replaces the permissions of all the actions, so it must be called first when it is used together with the single setPermission.

Which permissions?

EasyAdmin is fully integrated with the Symfony ecosystem, so we can use the framework's standard access control.

Above we used 2 different types of permissions:

  1. using the ROLES of a User. In my application, I’ve defined the list of the Roles in a UserRoles class (not yet 8.1 – so no Enums yet ;-)).

    Here, I’m using the admin role, used throughout the application, which will trigger the standard voter (used below on the New Action):

    setPermission(Action::NEW, UserRoles::ROLE_ADMIN)

  2. using a custom Symfony Voter, like the following in the setPermissions above for the Edit action:

    setPermissions([Action::EDIT => UserVoter::EDIT, ...])
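
The article references UserVoter::EDIT without showing the voter itself. As an added example (not code from the article or its repository), here is one way such a voter could be written so that only admins may edit a User. The namespaces, the 'USER_EDIT' value, the literal 'ROLE_ADMIN' and the assumption that EasyAdmin passes the edited User as the subject are all assumptions.

```php
<?php
// Added example: a possible UserVoter. Namespaces and constant values are assumptions.

namespace App\Security\Voter;

use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

final class UserVoter extends Voter
{
    public const EDIT = 'USER_EDIT';          // assumed value; the article only shows UserVoter::EDIT
    private const ADMIN_ROLE = 'ROLE_ADMIN';  // assumed value of UserRoles::ROLE_ADMIN

    private AccessDecisionManagerInterface $decisionManager;

    public function __construct(AccessDecisionManagerInterface $decisionManager)
    {
        $this->decisionManager = $decisionManager;
    }

    protected function supports(string $attribute, $subject): bool
    {
        // Vote only on our own attribute and only on User subjects. For anything
        // else this voter abstains; with Symfony's default settings a permission
        // that no voter supports is denied, so an unexpected subject fails closed.
        return self::EDIT === $attribute && $subject instanceof User;
    }

    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        // Unauthenticated or foreign principals never get to edit a user.
        if (!$token->getUser() instanceof User) {
            return false;
        }

        // Ask the decision manager instead of reading getRoles() directly,
        // so that role_hierarchy (a role inheriting ROLE_ADMIN) is honoured.
        return $this->decisionManager->decide($token, [self::ADMIN_ROLE]);
    }
}
```

With Symfony's default service autoconfiguration, a class extending Voter is registered as a security voter automatically, so no extra service definition is needed.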

With those additions, the CRUD actions will appear only for the Admin users and not for the other ones.

I hope you enjoyed these first examples, let’s wait for the future ones… it’s in progress… ;-)

REPOSITORY : the code of this example is available in the branch 01.only_admin_can_update_users

All pictures in this article were made by the author, and some can be seen here: Rêveries