Symfony row DB security based on field value

0 投票
最新提问 用户: (120 分)

I have a database that contains hundreds of thousands of records. For commercial reasons only users who work on specific projects can view certain records, we identify these records via a project_code field.

I think there is a facility in doctrine to filter records based on the users ROLE.

Can anyone explain to me how I make use of this row level filtering.

发表于 用户: (340 分)
You could start here: docs.doctrine-project.org/projects/doctrine-orm/en/latest/… Personally I don't care for this sort of majic. I would just add the necessary conditions to my queries.
发表于 用户: (120 分)
On a small application that would work, but when you have a large site with many developers and someone makes a join to the table it is easy to forget to add the extra where clause. Also in larger companies you need to be able to demonstrate to auditors how you ensure you are compliant.

登录 或者 注册 后回答这个问题。

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。
...