Symfony2对对象和类的ACL访问

时间:2012-09-03 07:59:43

标签: php symfony acl

我刚开始使用Symfony2 ACL,我无法使用指定的用户访问对象。让我解释一下:

我为某些对象的特定用户分配权限。我是在加载数据夹具上做的:

    // creating the ACL
    $aclProvider = $this->container->get('security.acl.provider');
    $objectIdentity = ObjectIdentity::fromDomainObject($order); //entity

    try {
        $acl = $aclProvider->findAcl($objectIdentity);
    } catch (\Symfony\Component\Security\Acl\Exception\Exception $e) {
        $acl = $aclProvider->createAcl($objectIdentity);
    }

    // retrieving the security identity of the currently logged-in user
    $securityIdentity = UserSecurityIdentity::fromAccount($user);

    // grant owner access
    $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
    $aclProvider->updateAcl($acl);

我还想将一个类的所有对象的权限分配给ADMIN角色,并使用命令执行:

    $output->writeln('<info>Adding Order OWNER ACE to role ROLE_ADMIN</info>');

    $aclProvider = $this->getContainer()->get('security.acl.provider');
    $objectIdentity = new ObjectIdentity('class', 'VendorName\XXXBundle\Entity\Order');

    try {
        $acl = $aclProvider->findAcl($objectIdentity);
    } catch (\Symfony\Component\Security\Acl\Exception\Exception $e) {
        $acl = $aclProvider->createAcl($objectIdentity);
    }

    $em = $entityManager = $this->getContainer()->get('doctrine')->getEntityManager();
    $role = $em->getRepository('VendorNameXXXBundle:Role')->findOneByRole('ROLE_ADMIN');

    $securityIdentity = new RoleSecurityIdentity($role->getRole());
    $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
    $aclProvider->updateAcl($acl);

我无法让Symfony2检测到这些权限。我与两个用户联系,当我从Twig那里做到时:

    {% if is_granted('VIEW', entity) %}
    <tr>
        <td colspan="12">Authorized!</td>
    </tr>
    {% else %}
    <tr>
        <td colspan="12">You are not authorized</td>
    </tr>
    {% endif %}

我总是得到:“你没有被授权”。

也从控制器尝试但结果相同:

    $securityContext = $this->get('security.context');

    if (false === $securityContext->isGranted('EDIT', $entity))
    {
        throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException;
    }

    if (!$entity) {
        throw $this->createNotFoundException('Unable to find Order entity.');
    }

0 个答案:

没有答案