
eZ Publish users: how to use eZ Publish access control in a standard front-end Symfony controller

I'm using eZ Publish 5.3 only for its administration side. What I want to do is manage users, user groups and roles in this back office and control their access to an API built with FOSRestBundle.

Here is my security.yml:

security:
    providers:
        # eZ Publish user provider: authentication is resolved against repository users
        ezpublish:
            id: ezpublish.security.user_provider

    # Firewalls are matched in order; the first pattern that matches the request wins.
    firewalls:
        # Profiler / debug toolbar and static assets: no security applied at all
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Versioned REST API. Stateless HTTP Basic: the credentials travel with every
        # request and no session is created, so this is only safe over TLS (not shown here).
        # Must stay listed before ezpublish_front, whose ^/ pattern would otherwise match first.
        my_api:
            pattern: ^/api/v[0-9]+
            stateless: true
            ezpublish_http_basic:
                realm: eZ Publish REST API

        # Everything else: anonymous access allowed, eZ REST session and form login
        ezpublish_front:
            pattern: ^/
            anonymous: ~
            ezpublish_rest_session: ~
            form_login:
                require_previous_session: false
            logout: ~

        # Listed after a ^/ firewall, so this entry appears to be unreachable
        default:
            anonymous: ~

    # No access_control entries: authorization for the API is done inside the controllers.


And here is what I want to do in my controller:

<?php
namespace Acme\AppBundle\Controller;

use FOS\RestBundle\Controller\FOSRestController;

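class ItemsController extends FOSRestController
{
    /**
     * Creates an item; the caller must hold the eZ Publish role EZ_CUSTOM_ROLE.
     *
     * The check hands an eZ Publish role identifier to Symfony's authorization checker.
     * On this page that call answered "User 'USER_LOGIN' doesn't have user/login permission
     * to SiteAccess 'site'", i.e. the attribute is not resolved as an eZ role here.
     *
     * @param Request $request  Note: Request is not imported by the `use` block above;
     *                          `use Symfony\Component\HttpFoundation\Request;` is needed.
     *
     * @throws \Symfony\Component\Security\Core\Exception\AccessDeniedException when the role
     *         is missing. The security layer maps this to a 403, whereas a bare \Exception
     *         surfaces as a 500 and hides the real cause.
     */
    public function postItemsAction(Request $request)
    {
        if (!$this->get('security.authorization_checker')->isGranted('EZ_CUSTOM_ROLE')) {
            throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException('No Auth');
        }

        //... do something
    }
}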


I get this response:

{
"code": 0,
"message": "User 'USER_LOGIN' doesn't have user/login permission to SiteAccess 'site'"
}


How can I achieve this?
How can I retrieve the user's role?

In the profiler I can see that when I do a standard POST with basic auth to this action, the user is authenticated with only the default Symfony role ROLE_USER.

Answer

Here is my solution:

<?php
namespace Acme\AppBundle\Controller;

use FOS\RestBundle\Controller\FOSRestController;
use eZ\Publish\API\Repository\Values\User\RoleAssignment;
use eZ\Publish\API\Repository\Values\User\User;

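class ItemsController extends FOSRestController
{
    /**
     * Identifier of the eZ Publish role a caller must hold to use this endpoint.
     */
    const REQUIRED_ROLE_IDENTIFIER = 'EZ_CUSTOM_ROLE';

    /**
     * Creates an item; the caller must hold the eZ Publish role EZ_CUSTOM_ROLE.
     *
     * @param Request $request  Note: Request is not imported by the `use` block above;
     *                          `use Symfony\Component\HttpFoundation\Request;` is needed.
     *
     * @throws \Symfony\Component\Security\Core\Exception\AccessDeniedException when the role
     *         is missing. The security layer maps this to a 403, whereas a bare \Exception
     *         surfaces as a 500 and hides the real cause.
     */
    public function postItemsAction(Request $request)
    {
        if (!$this->isUserRoleGranted(self::REQUIRED_ROLE_IDENTIFIER)) {
            throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException('No Auth');
        }

        //... do something
    }

    /**
     * Tells whether the current eZ Publish user holds a role with the given identifier,
     * either directly or through one of its user groups.
     *
     * Only the role identifier is compared: an assignment's role limitation (if any) is
     * not evaluated, so a role granted under a limitation still counts as granted here.
     *
     * @param string $roleIdentifier  Role identifier to look for (defaults to EZ_CUSTOM_ROLE).
     *
     * @return bool
     */
    private function isUserRoleGranted($roleIdentifier = self::REQUIRED_ROLE_IDENTIFIER)
    {
        $user = $this->getCurrentUser();
        if (!$user instanceof User) {
            return false;
        }

        $roleService = $this->get('ezpublish.api.repository')->getRoleService();
        // second argument: also include roles inherited from the user's groups
        $assignments = $roleService->getRoleAssignmentsForUser($user, true);

        if (!is_array($assignments)) {
            return false;
        }

        foreach ($assignments as $assignment) {
            if (!$assignment instanceof RoleAssignment) {
                continue;
            }

            // the role's identifier is exposed as a read-only property; no need to call __get() directly
            if ($assignment->getRole()->identifier === $roleIdentifier) {
                return true;
            }
        }

        return false;
    }

    /**
     * Loads the full eZ Publish User for the user the repository currently resolves permissions for.
     *
     * @return User
     */
    private function getCurrentUser()
    {
        $repository = $this->get('ezpublish.api.repository');
        $userId = $repository->getPermissionResolver()->getCurrentUserReference()->getUserId();

        return $repository->getUserService()->loadUser($userId);
    }
}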