Chapters
47 Chapters
|
4:41:51
|
Login to bookmark this video
-
Course Code
Subscribe to download the code!
Subscribe to download the code!
-
This Video
Subscribe to download the video!
Subscribe to download the video!
-
Subtitles
Subscribe to download the subtitles!
Subscribe to download the subtitles!
-
Course Script
Subscribe to download the script!
Subscribe to download the script!
Scroll down to the script below, click on any sentence (including terminal blocks) to jump to that spot in the video!
Subscribe to jump to this part in the video!
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
This tutorial also works great for Symfony 6!
What PHP libraries does this tutorial use?
// composer.json
{
"require": {
"php": ">=8.2",
"ext-ctype": "*",
"ext-iconv": "*",
"babdev/pagerfanta-bundle": "^3.3", // v3.3.0
"composer/package-versions-deprecated": "^1.11", // 1.11.99.4
"doctrine/annotations": "^1.0", // 1.13.2
"doctrine/doctrine-bundle": "^2.1", // 2.6.3
"doctrine/doctrine-migrations-bundle": "^3.0", // 3.1.1
"doctrine/orm": "^2.7", // 2.10.1
"knplabs/knp-markdown-bundle": "^1.8", // 1.9.0
"knplabs/knp-time-bundle": "^1.11", // v1.16.1
"pagerfanta/doctrine-orm-adapter": "^3.3", // v3.3.0
"pagerfanta/twig": "^3.3", // v3.3.0
"phpdocumentor/reflection-docblock": "^5.2", // 5.2.2
"scheb/2fa-bundle": "^5.12", // v5.12.1
"scheb/2fa-qr-code": "^5.12", // v5.12.1
"scheb/2fa-totp": "^5.12", // v5.12.1
"sensio/framework-extra-bundle": "^6.0", // v6.2.0
"stof/doctrine-extensions-bundle": "^1.4", // v1.6.0
"symfony/asset": "5.3.*", // v5.3.4
"symfony/console": "5.3.*", // v5.3.7
"symfony/dotenv": "5.3.*", // v5.3.8
"symfony/flex": "^1.3.1", // v1.21.6
"symfony/form": "5.3.*", // v5.3.8
"symfony/framework-bundle": "5.3.*", // v5.3.8
"symfony/monolog-bundle": "^3.0", // v3.7.0
"symfony/property-access": "5.3.*", // v5.3.8
"symfony/property-info": "5.3.*", // v5.3.8
"symfony/rate-limiter": "5.3.*", // v5.3.4
"symfony/runtime": "5.3.*", // v5.3.4
"symfony/security-bundle": "5.3.*", // v5.3.8
"symfony/serializer": "5.3.*", // v5.3.8
"symfony/stopwatch": "5.3.*", // v5.3.4
"symfony/twig-bundle": "5.3.*", // v5.3.4
"symfony/ux-chartjs": "^1.3", // v1.3.0
"symfony/validator": "5.3.*", // v5.3.8
"symfony/webpack-encore-bundle": "^1.7", // v1.12.0
"symfony/yaml": "5.3.*", // v5.3.6
"symfonycasts/verify-email-bundle": "^1.5", // v1.5.0
"twig/extra-bundle": "^2.12|^3.0", // v3.3.3
"twig/string-extra": "^3.3", // v3.3.3
"twig/twig": "^2.12|^3.0" // v3.3.3
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.3", // 3.4.0
"symfony/debug-bundle": "5.3.*", // v5.3.4
"symfony/maker-bundle": "^1.15", // v1.34.0
"symfony/var-dumper": "5.3.*", // v5.3.8
"symfony/web-profiler-bundle": "5.3.*", // v5.3.8
"zenstruck/foundry": "^1.1" // v1.13.3
}
}
6 Comments
If $user is currently an authenticated user, then. can't we just do this instead of injecting Security ?
At 6:31 timestamp ?
Hey @sujal_k
It is not recommended to check for roles when authorizing a request, besides not being safe, the roles hierarchy system won't work. In your example, what would happen if such a user only has the
ROLE_SUPER_ADMINrole? It will mistakenly returnfalseCheers!
So the tutorial mentions that you'll probably make a voter for each Object (Entity?) in your app. If you end up with, let's say, 10 of these, does that mean every time the voter system is accessed, for any reason, it's going to ask all 10 of those voters, plus the 2 default ones?
As an example, every time Symfony needs to check whether or not to render those vote buttons on the answer page, for each one of them it'll be asking 12 voters to weigh in? So, 120 voter calls, total?
Edit: Actually, looking at the profiler, this doesn't seem to be the case. It seems like the voter polling may in fact stop as soon as it hits one "granted" response (and it probably does the same for "denied"). But there could still be instances of a lot of votes being asked for, right? Just wondering if there's any performance concerns with that.
Hey @Ryan-L
Yes, you're right. It stops as soon as a voter says "I can handle it", and even so, only the
supports()is called, which is usually very fast. The only downside is the instantiation of the voters, it should not be a problem if you don't add heavy dependencies to them (or you could make them lazy https://symfony.com/doc/current/service_container/lazy_services.html)Cheers!
Hello,
I have a question plz, is there a difference between checking if user has a role in this way
if (in_array('ROLE_ADMIN',$user->getRoles())) return true;and using the "Security" service the way u did in this video.Thanks in advance
Hey Hanane K.
Before explaining why the first thing you need to know is you should never check for permissions by looking if a role exists in the roles property of a User. Why? Well, there're a few reasons
- The roles hierarchy system won't do its thing. What I mean is if you are looking specifically for the role "ROLE_ADMIN", and the user only has the role "ROLE_SUPER_ADMIN", your check will fail
- Your application may have custom voters to decide whether or not a user has permission to access a resource
- Other security concerns
Cheers!
"Houston: no signs of life"
Start the conversation!