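In Symfony2

Time: 2015-09-24 15:51:00

Tags: php symfony symfony-security

I initially created a voter in one of my bundles and used it without problems. However, I created another one in a different bundle, because it uses different classes and the way it decides whether to let the user through is different.

The problem is that the second voter is not detected, even though I followed exactly the same steps as for the first one.

What am I doing wrong? Is it possible to create and use only one voter?

So this is the first one, which works fine; I did exactly what the documentation says.

Register it as a service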

services:
  security.access.support_voter:
      class:      SupportMessageBundle\Security\Voter\SupportVoter
      public:     false
      tags:
          - { name: security.voter }

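Create it. A short description of what it does: it checks the current user's roles for SupportMessageBundle, which is a bundle for managing support tickets. I also have a constant to check whether the Ticket was started by the user.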

namespace SupportMessageBundle\Security\Voter;

use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
use MedAppBundle\Entity\User;
use Symfony\Component\Security\Core\User\UserInterface;

class SupportVoter extends AbstractVoter
{
    const SUPPORT = 'support';
    const SUPERADMIN = 'superadmin';
    const MEDIC = 'medic';
    const ISMINE = 'ismine';
    /* const EDIT = 'edit';*/

    protected function getSupportedAttributes()
    {
        return array(self::SUPPORT, self::SUPERADMIN,self::MEDIC,self::ISMINE/*, self::EDIT*/);
    }

    protected function getSupportedClasses()
    {
        return array('MedAppBundle\Entity\User','SupportMessageBundle\Entity\Ticket');
    }

    protected function isGranted($attribute, $object, $user = null)
    {
        // make sure there is a user object (i.e. that the user is logged in)
        if (!$user instanceof UserInterface) {
            return false;
        }

        // double-check that the User object is the expected entity.
        // It always will be, unless there is some misconfiguration of the
        // security system.
        if (!$user instanceof User) {
            throw new \LogicException('The user is somehow not our User class!');
        }

        switch ($attribute) {
            case self::SUPPORT:
                // the data object could have for example a method isPrivate()
                // which checks the Boolean attribute $private
            {

                if ($user->hasRole('ROLE_SUPPORT')||$user->hasRole('ROLE_SUPER_ADMIN')) {
                    return true;
                }
            }

                break;
            case self::SUPERADMIN:
                // the data object could have for example a method isPrivate()
                // which checks the Boolean attribute $private
            {

                if ($user->hasRole('ROLE_SUPER_ADMIN')) {
                    return true;
                }
            }

                break;
            /*case self::EDIT:
                // this assumes that the data object has a getOwner() method
                // to get the entity of the user who owns this data object
                if ($user->getId() === $post->getOwner()->getId()) {
                    return true;
                }

                break;*/
            case self::MEDIC:
                // the data object could have for example a method isPrivate()
                // which checks the Boolean attribute $private
            {

                if ($user->hasRole('ROLE_MEDIC')) {
                    return true;
                }
            }

                break;

            case self::ISMINE:
                // the data object could have for example a method isPrivate()
                // which checks the Boolean attribute $private
            {

                if ($user == $object->getSender()) {
                    return true;
                }
            }

                break;
        }

        return false;
    }
}

As for the second one,

I also registered it as a service, in the other bundle's services.yml:

services:

    security.access.features_voter:
        class:      MedAppBundle\Security\Voter\FeaturesVoter
        public:     false
        tags:
            - { name: security.voter }

This time I don't check anything, I just return true, but every call to it returns false, so something is clearly wrong.

namespace MedAppBundle\Security\Voter;

use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;


class FeaturesVoter extends AbstractVoter
{
    const ISMINE = 'ismine';


    protected function getSupportedAttributes()
    {
        return array(self::ISMINE);
    }

    protected function getSupportedClasses()
    {
        return array('MedAppBundle/Entity/Features');
    }

    public function isGranted($attribute, $object, $user = null)
    {
       return true;
    }
}

The way I try it is:

$this->isGranted('issmine',$id); //returns false
$this->denyAccessUnlessGranted('issmine', $id, 'Unauthorized access!'); //denies access

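$id is a Feature object, from a controller in MedAppBundle, which contains the Feature entity.

However, the first voter works fine, so I must be doing something wrong in this declaration, or it is not possible to have more than one.

debug:container does not list them, it does not even include them. The bundles are loaded in the kernel, since I have been using controllers and other things; it is just the services that do not seem to work. All bundles have $loader->load('services.yml'); in the BundlenameExtension.php file in the DependencyInjection directory.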

0 answers:

No answers