Open
Description
I quite like the demo for seeing "Best Practices" of how to configure EasyAdmin, thanks for releasing it and the package itself.
I think it'd be great to see the demo with a more complete security setup. What I'd like to see is
- Anyone can view the dashboard, subject to the ->setPermission()
- ROLE_ADMIN can do anything
- USER_EDIT permissions are granted for ROLE_ADMIN and when the user record email matches the logged in user's email.
- POST_EDIT -- only ROLE_ADMIN and POST_EDIT
- COMMENT_EDIT -- configure COMMENT_EDIT in CommentVoter to be ROLE_ADMIN or comment->getUser->getEmail === $user->getEmail()
At least that's the way I'm configuring my voters. Perhaps there's a better way?
It's possible that using the expression language is sufficient and the Voter is overkill, though I quite like the Symfony Voter system, and of course it integrates beautifully with EasyAdmin.
Mostly I'm looking for more examples and best practices.
Thanks.
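
One way to write the COMMENT_EDIT rule described in this issue, as an added example that is not code from the demo or from EasyAdmin. It assumes `App\Entity\Comment` and `App\Entity\User` entities with the `getUser()` and `getEmail()` accessors the issue mentions; the file path and class layout are hypothetical.

```php
<?php
// Added example: src/Security/Voter/CommentVoter.php (path and entity classes are assumptions).
namespace App\Security\Voter;

use App\Entity\Comment; // assumed entity exposing getUser(): ?User
use App\Entity\User;    // assumed entity exposing getEmail(): ?string
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

final class CommentVoter extends Voter
{
    public const EDIT = 'COMMENT_EDIT';

    public function __construct(
        private readonly AccessDecisionManagerInterface $accessDecisionManager,
    ) {
    }

    protected function supports(string $attribute, mixed $subject): bool
    {
        // Abstain on anything that is not COMMENT_EDIT on a Comment, so other voters decide.
        return self::EDIT === $attribute && $subject instanceof Comment;
    }

    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
    {
        // ROLE_ADMIN can do anything; asking the decision manager honours role_hierarchy.
        if ($this->accessDecisionManager->decide($token, ['ROLE_ADMIN'])) {
            return true;
        }

        $user = $token->getUser();
        if (!$user instanceof User) {
            return false; // not logged in, or a different user class
        }

        $authorEmail = $subject->getUser()?->getEmail();
        $userEmail = $user->getEmail();

        // Deny when either email is missing so that null === null never grants access.
        if (null === $authorEmail || '' === $authorEmail || null === $userEmail) {
            return false;
        }

        return $authorEmail === $userEmail;
    }
}
```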