How security will work
Just think of the way it will work: how it will handle authentication, how it will check whether a specified user has permission, etc.
After spending some time thinking about how to resolve the security problem I wrote this (let's alias group to role):
I have a few classes:
AuthenticationChecker, which is responsible for authentication. We give it credentials and, if the data is correct, it fills the entity with a role object from RolesManager and stores this in the session.
RolesManager is a class which holds information about roles from a YAML file and has a get() method to return a Role object by name.
Role is a class which we can test for privileges.
UserSessionManager is a class responsible for storing and retrieving the User entity from the session (or from any other place). Therefore we can signIn() as a specified user or
FirewallMiddleware is just a middleware checking before each route if the current user has the privilege to see the specified route by
User is an interface requiring a getRole() method to be implemented for dealing with privileges. If the current user is a guest, it loads a guest user (how is still to be thought out, at the time of writing the code, I guess).
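The check that FirewallMiddleware performs, sketched in Python as an added example (not the author's code). The privilege names, the route-to-privilege map, the has_privilege() and is_allowed() names, and the inline dictionary standing in for the YAML file are all assumptions; unmapped routes and unknown roles are refused rather than allowed.

```python
from dataclasses import dataclass

# Constructed sample data standing in for the parsed YAML roles file.
ROLES_CONFIG = {
    "guest": ["page.view"],
    "editor": ["page.view", "page.edit"],
    "admin": ["page.view", "page.edit", "user.manage"],
}
# Hypothetical route -> required privilege map; the page does not define one.
ROUTE_PRIVILEGES = {"/": "page.view", "/edit": "page.edit", "/users": "user.manage"}


@dataclass(frozen=True)
class Role:
    name: str
    privileges: frozenset

    def has_privilege(self, privilege):  # assumed method name
        return privilege in self.privileges


class RolesManager:
    def __init__(self, config):
        self._roles = {n: Role(n, frozenset(p)) for n, p in config.items()}

    def get(self, name):
        # An unknown role name raises KeyError instead of yielding a default role.
        return self._roles[name]


@dataclass
class User:
    name: str
    role: Role

    def get_role(self):
        return self.role


class FirewallMiddleware:
    def __init__(self, roles, route_privileges):
        self._guest = User("guest", roles.get("guest"))
        self._routes = route_privileges

    def is_allowed(self, session_user, route):
        user = session_user or self._guest  # nobody signed in: fall back to guest
        required = self._routes.get(route)
        if required is None:  # route missing from the map: deny by default
            return False
        return user.get_role().has_privilege(required)
```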