I am developing a simple blog with Symfony 2.
I have run into a security problem. I want to show an "edit" link (hidden otherwise) when the user is logged in on the site, but I get an anonymous user.
Here are my security.yml and template code. Thanks!
security.yml:
security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        in_memory:
            memory:
                users:
                    admin: { password: admin, roles: ['ROLE_ADMIN'] }
    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        # secures part of the application
        blog_secured_area:
            pattern: ^/edit
            anonymous: ~
            http_basic:
                realm: "Secured Blog Area"
        # the blog page has to be accessible for everybody
        blog_public:
            pattern: ^/
            anonymous: true
    access_control:
        - { path: ^/edit, roles: ROLE_ADMIN }
article.html.twig (URL: /detail/{id}):
{% if is_granted('ROLE_ADMIN') %}
<a href="{{path('yago_web_blog_edit', {'id': article.id} )}}">Editar</a>
{% endif %}
Answer 0 (score: 1)
Try switching the order of the security firewalls:
firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    # the blog page has to be accessible for everybody
    blog_public:
        pattern: ^/
        anonymous: true
    # secures part of the application
    blog_secured_area:
        pattern: ^/edit
        anonymous: ~
        http_basic:
            realm: "Secured Blog Area"
access_control:
    - { path: ^/edit, roles: ROLE_ADMIN }
Because I believe Symfony2 scans the firewalls and goes through them one by one in the order they are written; in your case the last one says every route can be accessed with the anonymous role, so it will also be applied to the edit route.
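To see which firewall each request ends up in under both orderings, here is a small added simulation of Symfony's first-match firewall selection (example code written for this thread, not from the question, the answer or Symfony itself); the patterns are the ones from the security.yml above, and the "dev" firewall is omitted because it only matches asset and profiler paths.

```python
import re

# Firewalls in the order they appear in the question's security.yml
# (constructed from the config above; "dev" left out for brevity).
ORIGINAL_ORDER = [
    ("blog_secured_area", r"^/edit"),
    ("blog_public", r"^/"),
]

# The order proposed in the answer: the catch-all firewall comes first.
ANSWER_ORDER = [
    ("blog_public", r"^/"),
    ("blog_secured_area", r"^/edit"),
]


def match_firewall(firewalls, path):
    """Return the name of the first firewall whose pattern matches the
    request path. Symfony's FirewallMap works the same way: the firewalls
    are tried in configuration order and the first match wins, so any
    firewall listed after a catch-all ``^/`` pattern is never reached."""
    for name, pattern in firewalls:
        # Symfony runs preg_match on the path info, i.e. an unanchored
        # search; the patterns here anchor themselves with '^'.
        if re.search(pattern, path):
            return name
    return None


def firewalls_for(firewalls, paths):
    """Map each sample path to the firewall that would handle it."""
    return {path: match_firewall(firewalls, path) for path in paths}


if __name__ == "__main__":
    # Constructed sample requests: the article page and its edit page.
    sample_paths = ["/detail/5", "/edit/5"]
    for label, order in (("original", ORIGINAL_ORDER), ("answer", ANSWER_ORDER)):
        print(label, firewalls_for(order, sample_paths))
```

Note that /detail/{id}, where the template with is_granted('ROLE_ADMIN') is rendered, is served by blog_public in both orderings; in the answer's ordering blog_secured_area is never selected for any path at all.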