cleanup: use roles constants

COil · javiereguiluz · commit f057af8d1cac · 2023-03-16T15:29:21.000+01:00
diff --git a/composer.lock b/composer.lock
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
@@ -69,6 +69,7 @@ security:
         # additional security lives in the controllers
         - { path: '^/(%app_locales%)/admin', roles: ROLE_ADMIN }
 
+    # The ROLE_ADMIN role inherits from the ROLE_USER role
     role_hierarchy:
         ROLE_ADMIN: ROLE_USER
 
diff --git a/src/Command/AddUserCommand.php b/src/Command/AddUserCommand.php
@@ -189,7 +189,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
         $user->setFullName($fullName);
         $user->setUsername($username);
         $user->setEmail($email);
-        $user->setRoles([$isAdmin ? 'ROLE_ADMIN' : 'ROLE_USER']);
+        $user->setRoles([$isAdmin ? User::ROLE_ADMIN : User::ROLE_USER]);
 
         // See https://symfony.com/doc/5.4/security.html#registering-the-user-hashing-passwords
         $hashedPassword = $this->passwordHasher->hashPassword($user, $plainPassword);
diff --git a/src/Controller/Admin/BlogController.php b/src/Controller/Admin/BlogController.php
@@ -38,7 +38,7 @@
  * @author Javier Eguiluz <javier.eguiluz@gmail.com>
  */
 #[Route('/admin/post')]
-#[IsGranted('ROLE_ADMIN')]
+#[IsGranted(User::ROLE_ADMIN)]
 class BlogController extends AbstractController
 {
     /**
diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
@@ -31,7 +31,7 @@
  *
  * @author Romain Monteil <monteil.romain@gmail.com>
  */
-#[Route('/profile'), IsGranted('ROLE_USER')]
+#[Route('/profile'), IsGranted(User::ROLE_USER)]
 class UserController extends AbstractController
 {
     #[Route('/edit', name: 'user_edit', methods: ['GET', 'POST'])]
diff --git a/src/DataFixtures/AppFixtures.php b/src/DataFixtures/AppFixtures.php
@@ -103,9 +103,9 @@ private function getUserData(): array
     {
         return [
             // $userData = [$fullname, $username, $password, $email, $roles];
-            ['Jane Doe', 'jane_admin', 'kitten', 'jane_admin@symfony.com', ['ROLE_ADMIN']],
-            ['Tom Doe', 'tom_admin', 'kitten', 'tom_admin@symfony.com', ['ROLE_ADMIN']],
-            ['John Doe', 'john_user', 'kitten', 'john_user@symfony.com', ['ROLE_USER']],
+            ['Jane Doe', 'jane_admin', 'kitten', 'jane_admin@symfony.com', [User::ROLE_ADMIN]],
+            ['Tom Doe', 'tom_admin', 'kitten', 'tom_admin@symfony.com', [User::ROLE_ADMIN]],
+            ['John Doe', 'john_user', 'kitten', 'john_user@symfony.com', [User::ROLE_USER]],
         ];
     }
 
diff --git a/src/Entity/User.php b/src/Entity/User.php
@@ -32,6 +32,12 @@
 #[ORM\Table(name: 'symfony_demo_user')]
 class User implements UserInterface, PasswordAuthenticatedUserInterface
 {
+    // We can use constants for roles to find usages all over the application rather
+    // than doing a full-text search on the "ROLE_" string.
+    // It also prevents from making typo errors.
+    final public const ROLE_USER = 'ROLE_USER';
+    final public const ROLE_ADMIN = 'ROLE_ADMIN';
+
     #[ORM\Id]
     #[ORM\GeneratedValue]
     #[ORM\Column(type: Types::INTEGER)]
@@ -118,7 +124,7 @@ public function getRoles(): array
 
         // guarantees that a user always has at least one role for security
         if (empty($roles)) {
-            $roles[] = 'ROLE_USER';
+            $roles[] = self::ROLE_USER;
         }
 
         return array_unique($roles);

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@`
`38`	`38`	`* @author Javier Eguiluz <[email protected]>`
`39`	`39`	`*/`
`40`	`40`	`#[Route('/admin/post')]`
`41`		`-#[IsGranted('ROLE_ADMIN')]`
	`41`	`+#[IsGranted(User::ROLE_ADMIN)]`
`42`	`42`	`class BlogController extends AbstractController`
`43`	`43`	`{`
`44`	`44`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@`
`31`	`31`	`*`
`32`	`32`	`* @author Romain Monteil <[email protected]>`
`33`	`33`	`*/`
`34`		`-#[Route('/profile'), IsGranted('ROLE_USER')]`
	`34`	`+#[Route('/profile'), IsGranted(User::ROLE_USER)]`
`35`	`35`	`class UserController extends AbstractController`
`36`	`36`	`{`
`37`	`37`	`#[Route('/edit', name: 'user_edit', methods: ['GET', 'POST'])]`
Original file line number	Diff line number	Diff line change
`@@ -103,9 +103,9 @@ private function getUserData(): array`
`103`	`103`	`{`
`104`	`104`	`return [`
`105`	`105`	`// $userData = [$fullname, $username, $password, $email, $roles];`
`106`		`- ['Jane Doe', 'jane_admin', 'kitten', '[email protected]', ['ROLE_ADMIN']],`
`107`		`- ['Tom Doe', 'tom_admin', 'kitten', '[email protected]', ['ROLE_ADMIN']],`
`108`		`- ['John Doe', 'john_user', 'kitten', '[email protected]', ['ROLE_USER']],`
	`106`	`+ ['Jane Doe', 'jane_admin', 'kitten', '[email protected]', [User::ROLE_ADMIN]],`
	`107`	`+ ['Tom Doe', 'tom_admin', 'kitten', '[email protected]', [User::ROLE_ADMIN]],`
	`108`	`+ ['John Doe', 'john_user', 'kitten', '[email protected]', [User::ROLE_USER]],`
`109`	`109`	`];`
`110`	`110`	`}`
`111`	`111`