I am trying to pull roles from a database to use for authenticating users. To do this I've created a group object that extends Role much like the code bellow:
// src/Acme/Bundle/UserBundle/Entity/Group.php
namespace Acme\UserBundle\Entity;
use Symfony\Component\Security\Core\Role\Role;
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\ORM\Mapping as ORM;
/**
* @ORM\Table(name="acme_groups")
* @ORM\Entity()
*/
class Group extends Role
{
/**
* @ORM\Column(name="id", type="integer")
* @ORM\Id()
* @ORM\GeneratedValue(strategy="AUTO")
*/
private $id;
/**
* @ORM\Column(name="name", type="string", length=30)
*/
private $name;
/**
* @ORM\Column(name="role", type="string", length=20, unique=true)
*/
private $role;
/**
* @ORM\ManyToMany(targetEntity="User", mappedBy="groups")
*/
private $users;
public function __construct()
{
$this->users = new ArrayCollection();
}
// ... getters and setters for each property
/**
* @see RoleInterface
*/
public function getRole()
{
return $this->role;
}
}
What confuses me is that I can't see the relationship between this class and the corresponding fields in security.yml such as:
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
So would names be on the right side of the : and role on the right side? For example in
ROLE_ADMIN: ROLE_USER
Would ROLE_ADMIN be the group name and ROLE_USER become the role? What also doesn't make sense to me is how symfony2 implements the role property as a single variable and not an array. Since in the statement
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
There are multiple roles, not just one role. How does any of this correspond to the class defined above? I am following the symfony2 cookbook http://symfony.com/doc/current/cookbook/security/entity_provider.html#managing-roles-in-the-database.