Symfony - getting the anonymous user instead of the authenticated user

Time: 2014-10-27 14:00:43

Tags: php symfony

I am developing a simple blog with Symfony 2.

I have run into a security problem. I want to show the "Edit" link if the user is logged in on the site and hide it otherwise, but I am getting the anonymous user.

Here are my security.yml and my template code. Thanks!

security.yml:

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN:   [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            memory:
                users:
                    admin: { password: admin, roles: ['ROLE_ADMIN'] }

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # secures part of the application
        blog_secured_area:
            pattern:    ^/edit
            anonymous: ~
            http_basic:
                realm: "Secured Blog Area"

        # the blog page has to be accessible for everybody
        blog_public:
            pattern:  ^/
            anonymous: true

    access_control:
        - { path: ^/edit, roles: ROLE_ADMIN }

article.html.twig (URL: /detail/{id})

{% if is_granted('ROLE_ADMIN') %}
    <a href="{{path('yago_web_blog_edit', {'id': article.id} )}}">Editar</a>
{% endif %}

1 answer:

Answer 0: (score: 1)

Try switching the order of the security firewalls:

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # the blog page has to be accessible for everybody
        blog_public:
            pattern:  ^/
            anonymous: true

        # secures part of the application
        blog_secured_area:
            pattern:    ^/edit
            anonymous: ~
            http_basic:
                realm: "Secured Blog Area"

    access_control:
        - { path: ^/edit, roles: ROLE_ADMIN }

Because I think Symfony 2 scans the firewalls and goes through them one by one in the order they are written, and in your case the last one says that every route is accessible to the anonymous role, so it will apply to the {1} route too.
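For comparison, here is an added configuration (not part of the original question or answer) that keeps the Twig check above working on /detail/{id}. In Symfony 2 the first firewall whose pattern matches the request is the one used, and each firewall keeps its own security context, so a user who authenticated on the `^/edit` firewall is still anonymous on the `^/` firewall. The version below assumes the blog only needs a single firewall: it covers every path, allows anonymous visitors, and offers HTTP Basic login, so the same token is present on the public pages and `is_granted('ROLE_ADMIN')` can be true there. The firewall name `blog` is chosen for this example.

```yaml
# Added example, not from the original post. Single firewall for the whole
# site so the admin's token is visible on /detail/{id} as well as on /edit.
security:
    encoders:
        # plaintext is kept from the question for the demo; production code would use a real encoder
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN:   [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            memory:
                users:
                    admin: { password: admin, roles: ['ROLE_ADMIN'] }

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # one firewall (name "blog" is assumed) for all pages: anonymous
        # visitors are allowed, and HTTP Basic is available for logging in
        blog:
            pattern:    ^/
            anonymous: ~
            http_basic:
                realm: "Secured Blog Area"

    access_control:
        # only /edit requires ROLE_ADMIN; an anonymous visitor requesting it
        # receives the HTTP Basic challenge, everything else stays public
        - { path: ^/edit, roles: ROLE_ADMIN }
```

With this layout the `anonymous` entry keeps /detail/{id} reachable without credentials, while `access_control` rather than a separate firewall decides where a login is required. If two firewalls are genuinely needed, they have to share a security context (the `context` firewall option, set to the same value on both) for the token to carry over between them.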