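I originally created a voter in one of my bundles and used it without problems. However, I created another one in another bundle, because it works with a different class and the way it decides whether the user is allowed through is different.

The problem is that the second voter is not detected, even though I followed exactly the same steps as for the first one.

What am I doing wrong? Is it only possible to create and use one voter?

So here is the first one, which works; I did exactly what the documentation says.

Register it as a service: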
```yaml
services:
    security.access.support_voter:
        class: SupportMessageBundle\Security\Voter\SupportVoter
        public: false
        tags:
            - { name: security.voter }
```
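Create it. A short description of what it does: it checks the current user's roles for `SupportMessageBundle`, which is a bundle for managing support tickets. I also have a constant to check whether a Ticket was started by the user.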
```php
namespace SupportMessageBundle\Security\Voter;

use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
use MedAppBundle\Entity\User;
use Symfony\Component\Security\Core\User\UserInterface;

class SupportVoter extends AbstractVoter
{
    const SUPPORT = 'support';
    const SUPERADMIN = 'superadmin';
    const MEDIC = 'medic';
    const ISMINE = 'ismine';
    /* const EDIT = 'edit';*/

    protected function getSupportedAttributes()
    {
        return array(self::SUPPORT, self::SUPERADMIN, self::MEDIC, self::ISMINE/*, self::EDIT*/);
    }

    protected function getSupportedClasses()
    {
        return array('MedAppBundle\Entity\User', 'SupportMessageBundle\Entity\Ticket');
    }

    protected function isGranted($attribute, $object, $user = null)
    {
        // make sure there is a user object (i.e. that the user is logged in)
        if (!$user instanceof UserInterface) {
            return false;
        }

        // double-check that the User object is the expected entity.
        // It always will be, unless there is some misconfiguration of the
        // security system.
        if (!$user instanceof User) {
            throw new \LogicException('The user is somehow not our User class!');
        }

        switch ($attribute) {
            case self::SUPPORT:
                // the data object could have for example a method isPrivate()
                // which checks the Boolean attribute $private
                {
                    if ($user->hasRole('ROLE_SUPPORT') || $user->hasRole('ROLE_SUPER_ADMIN')) {
                        return true;
                    }
                }
                break;
            case self::SUPERADMIN:
                // the data object could have for example a method isPrivate()
                // which checks the Boolean attribute $private
                {
                    if ($user->hasRole('ROLE_SUPER_ADMIN')) {
                        return true;
                    }
                }
                break;
            /*case self::EDIT:
                // this assumes that the data object has a getOwner() method
                // to get the entity of the user who owns this data object
                if ($user->getId() === $post->getOwner()->getId()) {
                    return true;
                }
                break;*/
            case self::MEDIC:
                // the data object could have for example a method isPrivate()
                // which checks the Boolean attribute $private
                {
                    if ($user->hasRole('ROLE_MEDIC')) {
                        return true;
                    }
                }
                break;
            case self::ISMINE:
                // the data object could have for example a method isPrivate()
                // which checks the Boolean attribute $private
                {
                    if ($user == $object->getSender()) {
                        return true;
                    }
                }
                break;
        }

        return false;
    }
}
```
As for the second one, I also registered it as a service, in the other bundle's `services.yml`:
```yaml
services:
    security.access.features_voter:
        class: MedAppBundle\Security\Voter\FeaturesVoter
        public: false
        tags:
            - { name: security.voter }
```
This time I am not checking anything, I just return `true`, but every call to it returns `false`, so something is clearly wrong.
```php
namespace MedAppBundle\Security\Voter;

use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;

class FeaturesVoter extends AbstractVoter
{
    const ISMINE = 'ismine';

    protected function getSupportedAttributes()
    {
        return array(self::ISMINE);
    }

    protected function getSupportedClasses()
    {
        return array('MedAppBundle/Entity/Features');
    }

    public function isGranted($attribute, $object, $user = null)
    {
        return true;
    }
}
```
This is how I tried it:
```php
$this->isGranted('issmine', $id); // returns false
$this->denyAccessUnlessGranted('issmine', $id, 'Unauthorized access!'); // denies access
```
`$id` is a `Feature` object, coming from a controller in `MedAppBundle`, which contains the `Feature` entity.
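However, the first voter works fine, so I must be doing something wrong in this declaration, or it is not possible to have more than one.

`debug:container` does not list them; they are not even included. The bundles are loaded in the kernel, because I have been using their controllers and other things; it is just the services that do not seem to work. Every bundle has `$loader->load('services.yml');` in its BundlenameExtension.php file in the DependencyInjection directory.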
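
A simplified model of the support checks that run before a voter's `isGranted()` is reached, as an added example that is not part of the original post and not Symfony's own code. It assumes an `AbstractVoter`-style voter abstains unless the attribute matches exactly and the object's class equals or extends a supported class, and that access is denied when every voter abstains; `vote()`, `decide()` and the empty `Features` class are hypothetical stand-ins constructed for the demonstration.

```php
<?php
namespace MedAppBundle\Entity {
    class Features {}   // constructed stand-in for the real entity
}

namespace {
    const GRANTED = 1;
    const ABSTAIN = 0;
    const DENIED = -1;

    // Hypothetical helper modelling the voter's gate (assumed behaviour).
    function vote(array $attrs, array $classes, callable $isGranted, $attribute, $object)
    {
        $class = is_object($object) ? get_class($object) : null;
        $classOk = false;
        foreach ($classes as $supported) {
            if ($class !== null && ($supported === $class || is_subclass_of($class, $supported))) {
                $classOk = true;
                break;
            }
        }
        // Unsupported class or attribute: abstain, isGranted() is never called.
        if (!$classOk || !in_array($attribute, $attrs, true)) {
            return ABSTAIN;
        }
        return $isGranted($attribute, $object) ? GRANTED : DENIED;
    }

    // Assumed default: at least one grant is required, all-abstain means deny.
    function decide(array $votes)
    {
        return in_array(GRANTED, $votes, true);
    }

    $alwaysTrue = function () { return true; };
    $feature = new \MedAppBundle\Entity\Features();
    $fqcn = 'MedAppBundle\Entity\Features';

    // Constructed cases: supported attributes, supported classes, requested attribute.
    $cases = array(
        'exact attribute and class'   => array(array('ismine'), array($fqcn), 'ismine'),
        'attribute spelled otherwise' => array(array('ismine'), array($fqcn), 'issmine'),
        'class written with slashes'  => array(array('ismine'), array('MedAppBundle/Entity/Features'), 'ismine'),
    );
    foreach ($cases as $label => $c) {
        $v = vote($c[0], $c[1], $alwaysTrue, $c[2], $feature);
        printf("%-28s vote=%2d allowed=%s\n", $label, $v, var_export(decide(array($v)), true));
    }
}
```

Under these assumptions, a voter whose `isGranted()` always returns `true` still yields a denial whenever the requested attribute or the object's class falls outside what the voter declares as supported, which is the fail-closed behaviour an authorization layer should have.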