api-platform: Limit the records a user can see based on access logic

I would like to use Symfonys API platform for a BI application. I know it is great in security and flexibility, but I need something I have not yet found in documentation or here on stackoverflow.

I have multiple databases and each db contains data of multiple customers.

Now I want to limit which customers a logged in BI user can see. If a BI user is limited to see only data of a subset of customers (that relation is present in the DB), how can I make sure this user will only see data related to those customers, and not any other?

I could use a customer ID as entrypoint, would since it should contain data of all customers and the list of customers is dynamic, this will not work.

I know there must be a way to have that security on kernel level/Event Listener but was unable to find this.

Thanks in advance for any help!

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *