I have an API Platform project (Symfony) that contains a User entity with a Roles column (array). I have 3 roles: ROLE_USER, ROLE_COMMERCIAL, ROLE_ADMIN. I am protecting my operations like this:
```
"get"={
    "access_control"="is_granted('ROLE_ADMIN')",
    "security_post_denormalize_message"="Sorry, Only admins can View Users List"
}
```
But what I would like to achieve is to give each user privileges; for example, a user can view the users list but cannot edit it. I want to edit the privileges for each user later, which is why I don't want to use the role column. I am thinking of this table structure:
- User(id,user_name,role_id)
- Role(role_id,role_name)
- Privilege(id,priv_name, role_id)
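
The table structure proposed above, written out as an added example that is not part of the original post: the schema, a deny-by-default privilege check, and a later privilege change made purely as a data edit. The table name `app_user`, the column types and constraints, the privilege names `USER_LIST` and `USER_EDIT`, and all sample rows are assumptions constructed for illustration.

```sql
-- Schema follows the three tables proposed in the question; column types,
-- constraints and every sample row below are constructed for illustration.
CREATE TABLE role (
    role_id   INTEGER PRIMARY KEY,
    role_name VARCHAR(64) NOT NULL UNIQUE
);

CREATE TABLE app_user (            -- "user" is a reserved word in several databases
    id        INTEGER PRIMARY KEY,
    user_name VARCHAR(180) NOT NULL UNIQUE,
    role_id   INTEGER NOT NULL REFERENCES role (role_id)
);

CREATE TABLE privilege (
    id        INTEGER PRIMARY KEY,
    priv_name VARCHAR(64) NOT NULL,
    role_id   INTEGER NOT NULL REFERENCES role (role_id),
    UNIQUE (role_id, priv_name)    -- a role holds each privilege at most once
);

INSERT INTO role (role_id, role_name) VALUES
    (1, 'ROLE_USER'), (2, 'ROLE_COMMERCIAL'), (3, 'ROLE_ADMIN');

INSERT INTO privilege (id, priv_name, role_id) VALUES
    (1, 'USER_LIST', 2),           -- commercial users may view the users list
    (2, 'USER_LIST', 3),
    (3, 'USER_EDIT', 3);           -- only admins may edit users

INSERT INTO app_user (id, user_name, role_id) VALUES
    (1, 'alice', 3), (2, 'bob', 2), (3, 'carol', 1);

-- Authorization check for one user and one privilege.
-- Deny by default: the action is allowed only when a matching row exists.
SELECT COUNT(*) AS allowed
FROM app_user u
JOIN privilege p ON p.role_id = u.role_id
WHERE u.user_name = 'bob'
  AND p.priv_name = 'USER_EDIT';

-- Changing privileges later is a data change, not a code change:
-- grant edit rights to the commercial role, then revoke them again.
INSERT INTO privilege (id, priv_name, role_id) VALUES (4, 'USER_EDIT', 2);
DELETE FROM privilege WHERE role_id = 2 AND priv_name = 'USER_EDIT';
```

Because `privilege.role_id` ties each privilege to a role and each user has exactly one `role_id`, two users that share a role always share the same privileges in this structure.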