symfony · javiereguiluz · Mar 16, 2023 · Feb 16, 2023
diff --git a/composer.lock b/composer.lock
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
@@ -69,6 +69,7 @@ security:
         # additional security lives in the controllers
         - { path: '^/(%app_locales%)/admin', roles: ROLE_ADMIN }
 
+    # The ROLE_ADMIN role inherits from the ROLE_USER role
     role_hierarchy:
         ROLE_ADMIN: ROLE_USER
 

diff --git a/src/Command/AddUserCommand.php b/src/Command/AddUserCommand.php
@@ -189,7 +189,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
         $user->setFullName($fullName);
         $user->setUsername($username);
         $user->setEmail($email);
-        $user->setRoles([$isAdmin ? 'ROLE_ADMIN' : 'ROLE_USER']);
+        $user->setRoles([$isAdmin ? User::ROLE_ADMIN : User::ROLE_USER]);
 
         // See https://symfony.com/doc/5.4/security.html#registering-the-user-hashing-passwords
         $hashedPassword = $this->passwordHasher->hashPassword($user, $plainPassword);

diff --git a/src/Controller/Admin/BlogController.php b/src/Controller/Admin/BlogController.php
@@ -38,7 +38,7 @@
  * @author Javier Eguiluz <[email protected]>
  */
 #[Route('/admin/post')]
-#[IsGranted('ROLE_ADMIN')]
+#[IsGranted(User::ROLE_ADMIN)]
 class BlogController extends AbstractController
 {
     /**

diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
@@ -31,7 +31,7 @@
  *
  * @author Romain Monteil <[email protected]>
  */
-#[Route('/profile'), IsGranted('ROLE_USER')]
+#[Route('/profile'), IsGranted(User::ROLE_USER)]
 class UserController extends AbstractController
 {
     #[Route('/edit', name: 'user_edit', methods: ['GET', 'POST'])]

diff --git a/src/DataFixtures/AppFixtures.php b/src/DataFixtures/AppFixtures.php
@@ -103,9 +103,9 @@ private function getUserData(): array
     {
         return [
             // $userData = [$fullname, $username, $password, $email, $roles];
-            ['Jane Doe', 'jane_admin', 'kitten', '[email protected]', ['ROLE_ADMIN']],
-            ['Tom Doe', 'tom_admin', 'kitten', '[email protected]', ['ROLE_ADMIN']],
-            ['John Doe', 'john_user', 'kitten', '[email protected]', ['ROLE_USER']],
+            ['Jane Doe', 'jane_admin', 'kitten', '[email protected]', [User::ROLE_ADMIN]],
+            ['Tom Doe', 'tom_admin', 'kitten', '[email protected]', [User::ROLE_ADMIN]],
+            ['John Doe', 'john_user', 'kitten', '[email protected]', [User::ROLE_USER]],
         ];
     }
 

diff --git a/src/Entity/User.php b/src/Entity/User.php
@@ -32,6 +32,12 @@
 #[ORM\Table(name: 'symfony_demo_user')]
 class User implements UserInterface, PasswordAuthenticatedUserInterface
 {
+    // We can use constants for roles to find usages all over the application rather
+    // than doing a full-text search on the "ROLE_" string.
+    // It also prevents from making typo errors.
+    final public const ROLE_USER = 'ROLE_USER';
+    final public const ROLE_ADMIN = 'ROLE_ADMIN';
+
     #[ORM\Id]
     #[ORM\GeneratedValue]
     #[ORM\Column(type: Types::INTEGER)]
@@ -118,7 +124,7 @@ public function getRoles(): array
 
         // guarantees that a user always has at least one role for security
         if (empty($roles)) {
-            $roles[] = 'ROLE_USER';
+            $roles[] = self::ROLE_USER;
         }
 
         return array_unique($roles);