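Filtering Symfony2 Admin Generator

Time: 2014-01-02 15:37:38

Tags: symfony filtering propel admin-generator

Hello everyone, I need to manipulate the data of the admin generator. I have been reading the documentation, but it has not helped me. I need a user to be able to see only the information of his group, and nothing more.

This is my generator.yml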

generator: admingenerator.generator.propel
params:
    model: Velfasa\SoporteBundle\Model\Usuario
    namespace_prefix: Velfasa
    concurrency_lock: ~
    bundle_name: SoporteBundle
    pk_requirement: ~
    fields: ~
    object_actions:
        delete: ~
    batch_actions:
        delete: ~
builders:
    list:
        params:
            title: Lista de usuarios
            display: [ nombre, apellido, dpi, username, direccion, fecha_de_nacimiento]
            actions:
                new:
                    route: usuario_registro
            object_actions:
                edit:
                    route: usuario_editar
                delete: ~
                show:
                    route: usuario_visualizar
    filters:
        params:
            display: [nombre, email, apellido, dpi, username, direccion, fecha_de_nacimiento]
    new:
        params:
            title: Nuevo usuario
            display: ~
            actions:
                save: ~
                list: ~
    edit:
        params:
            title: Editar
            display: ~
            actions:
                save: ~
                list: ~
    show:
        params:
            title: Vista general
            display: ~
            actions:
                list: ~
                new: ~
    actions:
        params:
            object_actions:
                delete: ~
            batch_actions:
                delete: ~

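And I hope someone here can help me.

2 answers:

Answer 0: (score: 0)

Taking a close look at the Security part of documentation, I think you should use credentials.

Show/Edit/Delete actions

Edit the yml file and add a credentials function for all the object actions you want to protect (check ifOwnedByGroupSameAsCurrentUser?). Maybe you have a better name ;)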

# ...
params:
    # ...
    object_actions:
        show:
            credentials: 'ifOwnedByGroupSameAsCurrentUser(object)'
        edit:
            credentials: 'ifOwnedByGroupSameAsCurrentUser(object)'
        delete:
            credentials: 'ifOwnedByGroupSameAsCurrentUser(object)' 
    # ...

Now define the function. Define a Security class inside the same bundle (without using an external bundle):

<?php
// src/MyPrefix/MyBundle/Security/AccessEvaluator.php

namespace MyPrefix\MyBundle\Security;

use Symfony\Component\DependencyInjection\ContainerInterface;
use JMS\DiExtraBundle\Annotation as DI;

/**
 * @DI\Service
 */
class AccessEvaluator
{

    private $container;

    /**
     * @DI\InjectParams({
     *     "container" = @DI\Inject("service_container"),
     * })
     */
    public function __construct( ContainerInterface $container )
    {
        $this->container = $container;
    }

    /**
     * @DI\SecurityFunction("ifOwnedByGroupSameAsCurrentUser")
     */
    public function ifOwnedByGroupSameAsCurrentUser( $object )
    {
        // Get current user
        $user = $this->getCurrentUser();

        //
        // THIS IS THE MAGIC
        // change this part to check if user and object has the same group related
        // I assumed that the object has one related group and user can have more groups
        // 
        if( in_array( $object->getGroup(), $user->getGroups() ) )
        {
            return true;
        }

        // this function must return a boolean value
        return false;
    }

    protected function getCurrentUser()
    {
        // I use fos user bundle
        // replace with your own "get user" code
        $userManager = $this->container->get( 'fos_user.user_manager' );
        $user = $userManager->findUserByUsername( $this->container->get( 'security.context' )->getToken()->getUser() );

        return $user;
    }
}

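List actions

To secure the list action, you need to edit the ListController and override the processQuery function. This function is made for this purpose, so there is no need to worry. The correct way to restrict access is to use the AdminGenerator Filter methods: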

// src/MyPrefix/MyBundle/Controller/MyController/ListController.php
// ...
protected function processFilters( $query )
{
    // Get current user
    $userManager = $this->get( 'fos_user.user_manager' );
    $user = $userManager->findUserByUsername( $this->get( 'security.context' )->getToken()->getUser() );

    $filterObject = $this->getFilters();
    $queryFilter = $this->getQueryFilter();
    $queryFilter->setQuery( $query );
    //
    // THIS IS THE MAGIC
    // change this part to check if user and object has the same group related
    // I assumed that the object has one related group and user can have more groups
    //        
    foreach( $user->getGroups() as $group )
    {
        $queryFilter->addEntityFilter( 'group', $group );
    }
    parent::processFilters( $query );
}

Good luck!
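
The answer above restricts both the list query and the per-object actions to the user's groups. The following sketch applies one shared restriction to both paths; it is an added example, not part of the original answer or of AdminGenerator, and uses plain PHP with PDO and an in-memory SQLite table instead of Propel. The table `usuario`, its `group_id` column, the helper names and the rows are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usuario (id INTEGER PRIMARY KEY, username TEXT, group_id INTEGER)');
$db->exec("INSERT INTO usuario (id, username, group_id) VALUES
    (1, 'ana', 10), (2, 'luis', 20), (3, 'marta', NULL)");

// Hypothetical helper: the group restriction shared by every query.
// Returns [SQL fragment, bound values]; a user without groups matches no rows.
function groupScope(array $groupIds): array
{
    if ($groupIds === []) {
        return ['0 = 1', []];
    }
    $marks = implode(', ', array_fill(0, count($groupIds), '?'));
    return ["group_id IN ($marks)", array_values($groupIds)];
}

// List action: only rows owned by one of the current user's groups.
function listUsuarios(PDO $db, array $groupIds): array
{
    [$where, $args] = groupScope($groupIds);
    $stmt = $db->prepare("SELECT id, username FROM usuario WHERE $where ORDER BY id");
    $stmt->execute($args);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Show/edit/delete: the same restriction is applied when an id is requested
// directly, so hiding a row from the list is not the only safeguard.
function findUsuario(PDO $db, int $id, array $groupIds): ?array
{
    [$where, $args] = groupScope($groupIds);
    $stmt = $db->prepare("SELECT id, username FROM usuario WHERE id = ? AND $where");
    $stmt->execute(array_merge([$id], $args));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$groupsOfCurrentUser = [10]; // constructed: groups of the logged-in user

var_dump(listUsuarios($db, $groupsOfCurrentUser));   // list action
var_dump(findUsuario($db, 1, $groupsOfCurrentUser)); // record in the user's group
var_dump(findUsuario($db, 2, $groupsOfCurrentUser)); // record in another group
var_dump(findUsuario($db, 3, $groupsOfCurrentUser)); // record with no group
var_dump(listUsuarios($db, []));                     // user with no groups
```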

Answer 1: (score: 0)

The solution I used was to override the List Controller on the method Query. There you can set your own query with any modifications you need.