ssossossossosso

Forums

Forums OroPlatform OroPlatform – Security Best practice to verify if a user is ADMIN

This topic contains 2 replies, has 2 voices, and was last updated by  Rodolfo 2 years, 10 months ago.

  • Creator
    Topic
  • #29857

    Rodolfo
    Participant

    Hi there!

    I’m creating a feature here that the user will be able to modify a custom value. I got this solution from Symfony code methods.. but I’m not sure if this is the best way to do this in OroCRM. What do you guys think? Can I use this or there is a better solution?

    Thank you!

    Reference:
    http://symfony.com/doc/current/book/security.html#securing-controllers-and-other-code

Viewing 2 replies - 1 through 2 (of 2 total)
  • Author
    Replies
  • #29858

    Dima Soroka
    Keymaster

    Hi Rodolfo

    I would recommend to introduce an ACL resource for this purpose and assign the permission to proper role.

    What is your use case for admin role verification?

    #29859

    Rodolfo
    Participant

    Hi @dima

    I’m creating an extension to provide two-factor-authentication to OroCRM. Only the Admin user or the own user will be able to set up this feature.

    I’ll read more about the ACL. Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.