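So, I installed foscomment (the latest version to date) and set it up for ACL, and it worked. Then I decided to add their role-based permissions. The problem is that users who posted a comment can no longer edit their own comments. If I give their role the edit permission, then they can edit all comments.
Is it possible to use ACL and Roles together natively in the foscomment bundle? So edit and delete can be set to ROLE_ADMIN, but ACL can allow users to edit and delete their own posts, even if they are ROLE_USER?
Or do I have to drop the roles part, extend the template and add it myself?
Here is my config.yml foscomment snippet: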
fos_comment:
    db_driver: orm
    class:
        model:
            comment: Application\Bundle\CommentBundle\Entity\Comment
            thread: Application\Bundle\CommentBundle\Entity\Thread
    acl: true
    service:
        acl:
            thread: fos_comment.acl.thread.roles
            comment: fos_comment.acl.comment.roles
            vote: fos_comment.acl.vote.roles
        manager:
            thread: fos_comment.manager.thread.acl
            comment: fos_comment.manager.comment.acl
            vote: fos_comment.manager.vote.acl
    acl_roles:
        comment:
            create: ROLE_USER
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        thread:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        vote:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
Answer 0 (score: 3)
Yes, it is possible.
Install the FOSUser bundle and follow https://github.com/FriendsOfSymfony/FOSCommentBundle/blob/master/Resources/doc/6-integration_with_fosuserbundle.md.
Then, create the following class:
<?php

namespace Application\Sonata\CommentBundle\Acl;

use FOS\CommentBundle\Acl\RoleCommentAcl as BaseRoleCommentAcl;
use FOS\CommentBundle\Model\CommentInterface;
use FOS\CommentBundle\Model\SignedCommentInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;

class RoleCommentAcl extends BaseRoleCommentAcl
{
    /**
     * The current Security Context.
     *
     * @var SecurityContextInterface
     */
    private $securityContext;

    /**
     * Constructor.
     *
     * @param SecurityContextInterface $securityContext
     * @param string $createRole
     * @param string $viewRole
     * @param string $editRole
     * @param string $deleteRole
     * @param string $commentClass
     */
    public function __construct(SecurityContextInterface $securityContext,
                                $createRole,
                                $viewRole,
                                $editRole,
                                $deleteRole,
                                $commentClass
    )
    {
        parent::__construct(
            $securityContext,
            $createRole,
            $viewRole,
            $editRole,
            $deleteRole,
            $commentClass);

        $this->securityContext = $securityContext;
    }

    /**
     * Checks if the Security token has an appropriate role to edit the supplied Comment.
     *
     * @param CommentInterface $comment
     * @return boolean
     */
    public function canEdit(CommentInterface $comment)
    {
        if ($comment instanceof SignedCommentInterface)
        {
            if ($comment->getAuthor() == $this->securityContext->getToken()->getUser()) {
                return true;
            }
        }

        return parent::canEdit($comment);
    }

    /**
     * Checks if the Security token is allowed to delete a specific Comment.
     *
     * @param CommentInterface $comment
     * @return boolean
     */
    public function canDelete(CommentInterface $comment)
    {
        if ($comment instanceof SignedCommentInterface)
        {
            if ($comment->getAuthor() == $this->securityContext->getToken()->getUser()) {
                return true;
            }
        }

        return parent::canDelete($comment);
    }
}
And add the following to service.yml:
<service id="application.sonata.comment.acl.comment.roles" class="Application\Sonata\CommentBundle\Acl\RoleCommentAcl" public="false">
    <argument type="service" id="security.context" />
    <argument>IS_AUTHENTICATED_FULLY</argument> <!-- Create role -->
    <argument>IS_AUTHENTICATED_ANONYMOUSLY</argument> <!-- View role -->
    <argument>ROLE_ADMIN</argument> <!-- Edit role -->
    <argument>ROLE_ADMIN</argument> <!-- Delete role -->
    <argument>%fos_comment.model.comment.class%</argument>
</service>
Finally, update config.yml with the following:
fos_comment:
    service:
        acl:
            comment: application.sonata.comment.acl.comment.roles
You can adapt the created class to your requirements.
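The owner-or-role decision from the answer above, as an added stand-alone example (not part of the answer or of FOSCommentBundle) that also covers the cases where there is no token, the user is anonymous, or the comment has no author. `User`, `Comment` and `canEdit()` are hypothetical stand-ins so it runs on PHP 8 without Symfony, and comparing by `id` is an assumption about the user entity.

```php
<?php
// Stand-in types (hypothetical) so the script runs without Symfony installed.
final class User
{
    public function __construct(public int $id, public array $roles = []) {}
}

final class Comment
{
    public function __construct(public ?User $author = null) {}
}

/**
 * Owner-or-role decision. $user mirrors what getToken()->getUser() can yield:
 * null (no token), the string "anon." (anonymous token) or a user object.
 */
function canEdit(mixed $user, Comment $comment, string $editRole = 'ROLE_ADMIN'): bool
{
    if (!$user instanceof User) {
        return false; // no token or anonymous: owns nothing, holds no ROLE_*
    }
    // Compare stable identifiers with ===, not whole objects with ==.
    if ($comment->author !== null && $comment->author->id === $user->id) {
        return true;
    }
    return in_array($editRole, $user->roles, true);
}

// Constructed sample data.
$alice    = new User(1, ['ROLE_USER']);
$bob      = new User(2, ['ROLE_USER']);
$admin    = new User(3, ['ROLE_USER', 'ROLE_ADMIN']);
$byAlice  = new Comment($alice);
$unsigned = new Comment();

$cases = [
    'author edits own comment'    => [$alice, $byAlice, true],
    'other user edits it'         => [$bob, $byAlice, false],
    'admin edits it'              => [$admin, $byAlice, true],
    'anonymous user edits it'     => ['anon.', $byAlice, false],
    'no token, unsigned comment'  => [null, $unsigned, false],
    'user edits unsigned comment' => [$alice, $unsigned, false],
];
foreach ($cases as $label => [$user, $comment, $expected]) {
    $actual = canEdit($user, $comment);
    if ($actual !== $expected) {
        throw new RuntimeException("unexpected decision for: $label");
    }
    printf("%-28s %s\n", $label, $actual ? 'allowed' : 'denied');
}
```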