eZ Platform bundle which provides user role inheritance.
This is an eZ Platform bundle which provides user role inheritance.
This is different from the built-in User Group inheritance because it allows for fine-grained, easy management of user roles that doesn't depend on groups.
(This is an eZ Platform port of permissions-inheritance-bundle.)
composer require
:$ composer require contextualcode/ezplatform-role-inheritance-bundle
app/AppKernel.php
file by adding next line in registerBundles
method: public function registerBundles()
{
$bundles = array(
...
new ContextualCode\EzPlatformRoleInheritanceBundle\ContextualCodeEzPlatformRoleInheritanceBundle(),
);
app/config/routing.yml
:contextual_code_ez_platform_role_inheritance:
resource: "@ContextualCodeEzPlatformRoleInheritanceBundle/Resources/config/routing.yml"
prefix: /
$ cat vendor/contextualcode/ezplatform-role-inheritance-bundle/src/ContextualCode/EzPlatformRoleInheritanceBundle/SQL/MySQL/schema.sql | mysql -u <username -p<password> <database_name>
Note: If you are upgrading from an eZ 5.x install that was using contextualcode/permissions-inheritance-bundle, please instead run the upgrade SQL to retain your old role inheritances:
$ cat vendor/contextualcode/ezplatform-role-inheritance-bundle/src/ContextualCode/EzPlatformRoleInheritanceBundle/SQL/MySQL/upgrade.sql | mysql -u <username -p<password> <database_name>
handleUserChildRoles($userId)
of RoleInheritanceService.
You can use a custom login handler/event listener or any other way to call that code.
For example, you can create AppBundle\Security\User\Provider.php
that extends eZ\Publish\Core\MVC\Symfony\Security\User\Provider
.
Add the RoleInheritanceService to the constructor, and override the refreshUser
function to add these lines to load the inherited roles:$userId = $user->getAPIUser()->contentInfo->id;
$this->roleInheritanceService->handleUserChildRoles($userId);
Then you must set security.providers.ezpublish.id
to use the id of this new Provider. Now users will inherit roles set in the admin UI.