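Hi everyone, I need to manipulate the data of the admin generator. I have been reading the documentation, but it has not helped me. I need a user to see only the information of his group and nothing more.
This is my generator.yml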
generator: admingenerator.generator.propel
params:
    model: Velfasa\SoporteBundle\Model\Usuario
    namespace_prefix: Velfasa
    concurrency_lock: ~
    bundle_name: SoporteBundle
    pk_requirement: ~
    fields: ~
    object_actions:
        delete: ~
    batch_actions:
        delete: ~
builders:
    list:
        params:
            title: Lista de usuarios
            display: [ nombre, apellido, dpi, username, direccion, fecha_de_nacimiento]
            actions:
                new:
                    route: usuario_registro
            object_actions:
                edit:
                    route: usuario_editar
                delete: ~
                show:
                    route: usuario_visualizar
    filters:
        params:
            display: [nombre, email, apellido, dpi, username, direccion, fecha_de_nacimiento]
    new:
        params:
            title: Nuevo usuario
            display: ~
            actions:
                save: ~
                list: ~
    edit:
        params:
            title: Editar
            display: ~
            actions:
                save: ~
                list: ~
    show:
        params:
            title: Vista general
            display: ~
            actions:
                list: ~
                new: ~
    actions:
        params:
            object_actions:
                delete: ~
            batch_actions:
                delete: ~
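I hope someone here can help me
Answer 0: (score: 0)
Taking a closer look at the Security part of documentation, I think you should use credentials.
Show/Edit/Delete actions
Edit your yml file and add a credentials function to all object actions you want to secure (a check such as ifOwnedByGroupSameAsCurrentUser?). Maybe you have a better name ;)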
# ...
params:
    # ...
    object_actions:
        show:
            credentials: 'ifOwnedByGroupSameAsCurrentUser(object)'
        edit:
            credentials: 'ifOwnedByGroupSameAsCurrentUser(object)'
        delete:
            credentials: 'ifOwnedByGroupSameAsCurrentUser(object)'
# ...
Now define the function. Inside the same bundle (do not use an external bundle), define a Security class:
<?php
// src/MyPrefix/MyBundle/Security/AccessEvaluator.php

namespace MyPrefix\MyBundle\Security;

use Symfony\Component\DependencyInjection\ContainerInterface;
use JMS\DiExtraBundle\Annotation as DI;

/**
 * @DI\Service
 */
class AccessEvaluator
{
    private $container;

    /**
     * @DI\InjectParams({
     *     "container" = @DI\Inject("service_container"),
     * })
     */
    public function __construct( ContainerInterface $container )
    {
        $this->container = $container;
    }

    /**
     * @DI\SecurityFunction("ifOwnedByGroupSameAsCurrentUser")
     */
    public function ifOwnedByGroupSameAsCurrentUser( $object )
    {
        // Get current user
        $user = $this->getCurrentUser();

        //
        // THIS IS THE MAGIC
        // change this part to check if user and object has the same group related
        // I assumed that the object has one related group and user can have more groups
        //
        if( in_array( $object->getGroup(), $user->getGroups() ) )
        {
            return true;
        }

        // this function must return a boolean value
        return false;
    }

    protected function getCurrentUser()
    {
        // I use fos user bundle
        // replace with your own "get user" code
        $userManager = $this->container->get( 'fos_user.user_manager' );
        $user = $userManager->findUserByUsername( $this->container->get( 'security.context' )->getToken()->getUser() );

        return $user;
    }
}
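List action
To secure the list action you need to edit the ListController and override the processQuery function. This function is made for that purpose, so no need to worry. The proper way to restrict access is to use the AdminGenerator Filter methods: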
// src/MyPrefix/MyBundle/Controller/MyController/ListController.php
// ...
protected function processFilters( $query )
{
    // Get current user
    $userManager = $this->get( 'fos_user.user_manager' );
    $user = $userManager->findUserByUsername( $this->get( 'security.context' )->getToken()->getUser() );

    $filterObject = $this->getFilters();
    $queryFilter = $this->getQueryFilter();
    $queryFilter->setQuery( $query );

    //
    // THIS IS THE MAGIC
    // change this part to check if user and object has the same group related
    // I assumed that the object has one related group and user can have more groups
    //
    foreach( $user->getGroups() as $group )
    {
        $queryFilter->addEntityFilter( 'group', $group );
    }

    parent::processFilters( $query );
}
Good luck!
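The two-layer restriction described in the answer above (a per-object credential check plus a filtered list), shown as an added example that is not part of the original answer or of AdminGenerator. The `Record` class, the function names and the in-memory array standing in for the database query are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a Propel model row; class and field names are assumptions.
final class Record
{
    public $id;
    public $groupId;

    public function __construct(int $id, ?int $groupId)
    {
        $this->id = $id;
        $this->groupId = $groupId;
    }
}

// Object-level rule: allow only when the record's group is one of the user's groups.
// A missing user (null) or a record without a group is denied by default.
function ownedByGroupOfUser(?array $userGroupIds, Record $record): bool
{
    if ($userGroupIds === null || $record->groupId === null) {
        return false;
    }
    // Compare ids strictly instead of comparing objects loosely.
    return in_array($record->groupId, $userGroupIds, true);
}

// List rule: reuse the same predicate so the list and the object actions cannot disagree.
function visibleRecords(?array $userGroupIds, array $records): array
{
    return array_values(array_filter($records, function (Record $r) use ($userGroupIds): bool {
        return ownedByGroupOfUser($userGroupIds, $r);
    }));
}

// Constructed sample data: three records, one user in group 10.
$records = [new Record(1, 10), new Record(2, 20), new Record(3, null)];
$userGroupIds = [10];

$listed = array_map(function (Record $r): int { return $r->id; }, visibleRecords($userGroupIds, $records));
echo 'listed ids: ', json_encode($listed), PHP_EOL;

// show/edit/delete address a record by id, so each one is checked again on its own.
foreach ($records as $record) {
    $allowed = ownedByGroupOfUser($userGroupIds, $record);
    echo "record {$record->id}: ", $allowed ? 'allowed' : 'denied', PHP_EOL;
}
```

In a real controller the list restriction belongs in the query itself, so rows from other groups are never loaded; the object-level check stays in place because show, edit and delete routes receive the record id directly.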
Answer 1: (score: 0)
The solution I used was to override the List Controller on the Query method. There you can set up your own query with any modification.