我刚开始使用Symfony2 ACL,我无法使用指定的用户访问对象。让我解释一下:
我为某些对象的特定用户分配权限。我是在加载数据夹具上做的:
// creating the ACL
$aclProvider = $this->container->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($order); //entity
try {
$acl = $aclProvider->findAcl($objectIdentity);
} catch (\Symfony\Component\Security\Acl\Exception\Exception $e) {
$acl = $aclProvider->createAcl($objectIdentity);
}
// retrieving the security identity of the currently logged-in user
$securityIdentity = UserSecurityIdentity::fromAccount($user);
// grant owner access
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
$aclProvider->updateAcl($acl);
我还想将一个类的所有对象的权限分配给ADMIN角色,并使用命令执行:
$output->writeln('<info>Adding Order OWNER ACE to role ROLE_ADMIN</info>');
$aclProvider = $this->getContainer()->get('security.acl.provider');
$objectIdentity = new ObjectIdentity('class', 'VendorName\XXXBundle\Entity\Order');
try {
$acl = $aclProvider->findAcl($objectIdentity);
} catch (\Symfony\Component\Security\Acl\Exception\Exception $e) {
$acl = $aclProvider->createAcl($objectIdentity);
}
$em = $entityManager = $this->getContainer()->get('doctrine')->getEntityManager();
$role = $em->getRepository('VendorNameXXXBundle:Role')->findOneByRole('ROLE_ADMIN');
$securityIdentity = new RoleSecurityIdentity($role->getRole());
$acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
$aclProvider->updateAcl($acl);
我无法让Symfony2检测到这些权限。我与两个用户联系,当我从Twig那里做到时:
{% if is_granted('VIEW', entity) %}
<tr>
<td colspan="12">Authorized!</td>
</tr>
{% else %}
<tr>
<td colspan="12">You are not authorized</td>
</tr>
{% endif %}
我总是得到:“你没有被授权”。
也从控制器尝试但结果相同:
$securityContext = $this->get('security.context');
if (false === $securityContext->isGranted('EDIT', $entity))
{
throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException;
}
if (!$entity) {
throw $this->createNotFoundException('Unable to find Order entity.');
}