how to check the user role inside form builder in Symfony2?
From controller you have to pass user object to form builder
$form = $this->createForm( new YourType(), $data, array('user' => $this->getUser()));
Then in form builder you can fetch it from $options
:
public function buildForm(FormBuilder $builder, array $options){ $user = $options['user']}
Don't forget to extend setDefaultOptions()
with user
index:
public function setDefaultOptions(OptionsResolverInterface $resolver){ $resolver->setDefaults(array( ... 'user' => null ));}
If you declare your form type as a service, you can inject the token storage in your class.
So you declare the service in services.yml
like this:
my_form: class: AppBundle\Services\MyFormType public: true arguments: ['@security.token_storage']
And the form class like this:
use Symfony\Component\Form\AbstractType;use Symfony\Component\Form\FormBuilderInterface;use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;class MyFormType extends AbstractType{ protected $tokenStorage; public function __construct(TokenStorage $tokenStorage) { $this->tokenStorage = $tokenStorage; } public function buildForm(FormBuilderInterface $builder, array $options) { $user = $this->tokenStorage->getToken()->getUser(); // Use the user object to build the form }}
I know this is an old question, but I'd like to put forward a better alternative for checking roles inside a form type.
The issue
The issue with using the TokenInterface and the User object is that it does not check for inheritance. For example, consider the following security.yml
:
security: role_hierarchy: ROLE_ADMIN: ROLE_USER ROLE_SUPER_ADMIN: ROLE_ADMIN
If your user has ROLE_SUPER_ADMIN
but not ROLE_ADMIN
added to their roles, the above solutions will fail if you are using $user->hasRole('ROLE_ADMIN')
, as the user does not explicitly have ROLE_ADMIN
assigned to their user and hasRole()
does not check hierarchy.
The solution
Use the AuthorizationCheckerInterface
instead to gain access to the isGranted()
function.
use Symfony\Component\Form\AbstractType;use Symfony\Component\Form\FormBuilderInterface;use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;class MyFormType extends AbstractType { protected $auth; public function __construct(AuthorizationCheckerInterface $auth) { $this->auth = $auth; } public function buildForm(FormBuilderInterface $builder, array $options) { // ... if($this->auth->isGranted('ROLE_ADMIN')) { // Do the thing here } }}
This will respect any hierarchy defined in security.yml
. If we use the same yml file as above, $auth->isGranted('ROLE_ADMIN')
will return true if a user has ROLE_SUPER_ADMIN
but not ROLE_ADMIN
assigned to their profile.