How to prevent access to specific routes in Symfony 2

Time: 2014-11-04 09:23:21

Tags: security symfony routes yaml

I'm new to symfony2 and I don't understand how security.yml works.

My application has 2 roles: ROLE_USER, ROLE_ADMIN.

ROLE_USER: can only view (no CRUD)
ROLE_ADMIN: can do anything (CRUD allowed)

I have two basic questions:

  1. Is there only 1 security.yml, in app/config? Can I create a security.yml for my bundle in ThePartner\EZFBundle\Resource\config, where I can specify which routes a role can access?

  2. I want to prevent ROLE_USER from accessing the routes blue_form_new, blue_form_create, blue_form_edit, blue_form_update, blue_form_delete. This ROLE_USER can only access blue_form and blue_form_show.

  3. Here is my ThePartner\EZFBundle\Resources\routing.yml

    ThePartnerEZFBundle_blue_form:
        resource: "@ThePartnerEZFBundle/Resources/config/routing/blueform.yml"
        prefix:   /blue_form
    

    Here is ThePartnerEZFBundle/Resources/config/routing/blueform.yml

    blue_form:
        pattern:  /
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:index" }
    
    blue_form_show:
        pattern:  /{id}/show
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:show" }
    
    blue_form_new:
        pattern:  /new
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:new" }
    
    blue_form_create:
        pattern:  /create
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:create" }
        requirements: { _method: post }
    
    blue_form_edit:
        pattern:  /{id}/edit
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:edit" }
    
    blue_form_update:
        pattern:  /{id}/update
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:update" }
        requirements: { _method: post|put }
    
    blue_form_delete:
        pattern:  /{id}/delete
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:delete" }
        requirements: { _method: post|delete }
    

    Thank you guys

1 answer:

Answer 0: (score: 2)

All you need to configure is security.yml. You can define multiple firewalls that apply to different routes:

    security:
        firewalls:
            your_first_firewall:
                # this is a regexp; anchored with ^ so that only URLs starting with /public/ match
                pattern: ^/public/
                security: false # this will be public, no firewall
            your_second_firewall:
                pattern: ^/nonPublic/
                security: true

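Remember that the order of the firewall entries is very important - the first pattern that matches "wins".

You can also import security settings from a bundle. To do that, you need to import the bundle's config.yml file in the main security.yml - described here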

    # app/config/config.yml
    imports:
        - { resource: '@AcmeDemoBundle/Resources/config/security.yml' }
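
An added example, not part of the answer above: one way to express the role split from the question with Symfony's `access_control` rules, written as an allow-list so that any route later added under `/blue_form` is admin-only by default. It assumes the `/blue_form` prefix and route patterns shown in the question, and the `role_hierarchy` entry is an assumption about how the two roles relate.

```yaml
# app/config/security.yml (added example; merge into the existing "security:" key)
security:
    role_hierarchy:
        # Assumption: an admin should also pass every ROLE_USER check.
        ROLE_ADMIN: ROLE_USER

    # access_control is only enforced for requests handled by a firewall
    # that has security enabled (not one declared with "security: false").
    access_control:
        # Rules are evaluated top to bottom and only the first match applies,
        # so the narrow read-only rules must come before the catch-all.

        # blue_form (index): /blue_form/
        - { path: '^/blue_form/?$', roles: ROLE_USER }

        # blue_form_show: /blue_form/{id}/show
        - { path: '^/blue_form/[^/]+/show$', roles: ROLE_USER }

        # Everything else under the prefix, i.e. blue_form_new, blue_form_create,
        # blue_form_edit, blue_form_update, blue_form_delete and any route
        # added later, requires ROLE_ADMIN.
        - { path: '^/blue_form', roles: ROLE_ADMIN }
```

A quick check after deploying this is to log in as a ROLE_USER account and confirm that `/blue_form/new` returns 403 while `/blue_form/` still loads.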