How to use the AccessDecisionManager in Symfony2 for authorization of arbitrary users?
You need only AccessDecisionManager for this, no need for security context since you don't need authentication.
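    use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

    $user = new Core\Model\User();
    // Throwaway token for the user; arguments are (user, credentials, providerKey, roles)
    $token = new UsernamePasswordToken($user, 'none', 'none', $user->getRoles());
    $isGranted = $this->get('security.access.decision_manager')
        ->decide($token, array('ROLE_ADMIN'));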
This will correctly take role hierarchy into account, since RoleHierarchyVoter is registered by default.
Update
As noted by @redalaanait, security.access.decision_manager is a private service, so accessing it directly is not a good thing to do. It's better to use service aliasing, which allows you to access private services.
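An added example (not part of the original answers, and not Symfony's own code): a small service that receives the decision manager by constructor injection, so the private service is never fetched from the container and the shared token storage is left untouched. It assumes the Symfony 2.x token constructor used on this page; the namespace, class name and service id are hypothetical.

```php
<?php
// services.yml (hypothetical service id; the private service is injected as an argument):
//   services:
//       app.arbitrary_user_checker:
//           class: AppBundle\Security\ArbitraryUserChecker
//           arguments: ['@security.access.decision_manager']
// Usage: $this->get('app.arbitrary_user_checker')->isGranted($user, 'ROLE_ADMIN');

namespace AppBundle\Security;

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\User\UserInterface;

class ArbitraryUserChecker
{
    private $decisionManager;

    public function __construct(AccessDecisionManagerInterface $decisionManager)
    {
        $this->decisionManager = $decisionManager;
    }

    /**
     * Returns true only if $user would be granted every attribute in $attributes.
     */
    public function isGranted(UserInterface $user, $attributes, $object = null)
    {
        $attributes = (array) $attributes;
        if (count($attributes) === 0) {
            return false; // fail closed: an empty check must not read as "granted"
        }

        // Throwaway token that is never stored, so the identity of the
        // currently logged-in user is not replaced for the rest of the request.
        // Symfony 2.x signature: (user, credentials, providerKey, roles).
        $token = new UsernamePasswordToken($user, null, 'none', $user->getRoles());

        // RoleVoter grants as soon as one attribute matches, so each attribute
        // is decided separately to require all of them.
        foreach ($attributes as $attribute) {
            if (!$this->decisionManager->decide($token, array($attribute), $object)) {
                return false;
            }
        }

        return true;
    }
}
```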
Maybe you can instantiate a new securityContext instance and use it to check if user is granted:
    $securityContext = new \Symfony\Component\Security\Core\SecurityContext(
        $this->get('security.authentication.manager'),
        $this->get('security.access.decision_manager')
    );
    $token = new \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken(
        $user,
        null,
        $this->container->getParameter('fos_user.firewall_name'),
        $user->getRoles()
    );
    $securityContext->setToken($token);
    if ($securityContext->isGranted('ROLE_ADMIN')) {
        // some stuff to do
    }
security.context is deprecated since 2.6. Use AuthorizationChecker:
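    use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
    use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
    use Symfony\Component\Security\Core\Exception\AccessDeniedException;

    $token = new UsernamePasswordToken(
        $user,
        null,
        'secured_area',
        $user->getRoles()
    );
    // Stores the token in the shared security.token_storage service
    $tokenStorage = $this->container->get('security.token_storage');
    $tokenStorage->setToken($token);
    $authorizationChecker = new AuthorizationChecker(
        $tokenStorage,
        $this->container->get('security.authentication.manager'),
        $this->container->get('security.access.decision_manager')
    );
    if (!$authorizationChecker->isGranted('ROLE_ADMIN')) {
        throw new AccessDeniedException();
    }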