How to implement security #49
Comments
|
@eskrano The link don't mention voter, or even how to handle it with this bundle. So thanks for your attempt but I know how to handle security on symfony but the behavior I want is not in the basic of symfony, and i got no doc from the doc of the Bundle |
|
Personally I use graphql types to handle security. For instance, you can create a type This way your field can return a union of users (either You don't even have to worry about returning too much data on your resolvers since the graphql processor will filter the data automatically for you. All you have to do is to return the correct type. |
|
Well it looks very interesting to me. I started to do the verification on the type. But the type don't have access to the symfony container to get the authorization checker ? How do you check in the type that the user has a ROLE_ADMIN ? |
|
Actually the type will be set by your union type, in the method When you resolve your users in your field (here you have access to the container), you can add an information to your user object like When the method It's just an example of course to show you how you can control the type with unions. |
I'm trying to setup the security for the bundle. But i'm a bit confuse cause i don't succeed to find examples of use and the docs is not complete at all. I saw they were black/white List and Voter. But how can I use it ?
For example if I would like to handle access control on field of a type. for example A is a user and B is an admin. A can't access a certain field but B can cause he is admin ? I don't know if this is even possible at the moment with the bundle.
And also does the bundle handle field deprecation in the type ?
Thanks for your answers !
The text was updated successfully, but these errors were encountered: