Sonata Admin: isGranted() always returns true in the Admin class, but the correct boolean in the template

Time: 2016-05-24 09:37:50

Tags: php symfony authentication sonata-admin sonata-user-bundle

I am using SonataUserBundle with SonataAdminBundle in a Symfony 2 project. The installed packages are:

$ composer show | grep symfony
friendsofsymfony/rest-bundle             1.7.7              This Bundle provides various tools to rapidly develop RESTful API's with Symfony
friendsofsymfony/user-bundle             v1.3.6             Symfony FOSUserBundle
symfony/assetic-bundle                   v2.8.0             Integrates Assetic into Symfony2
symfony/css-selector                     v2.8.6             Symfony CssSelector Component
symfony/dom-crawler                      v2.8.6             Symfony DomCrawler Component
symfony/monolog-bundle                   2.11.1             Symfony MonologBundle
symfony/polyfill-apcu                    v1.1.1             Symfony polyfill backporting apcu_* functions to lower PHP versions
symfony/polyfill-mbstring                v1.1.1             Symfony polyfill for the Mbstring extension
symfony/swiftmailer-bundle               v2.3.11            Symfony SwiftmailerBundle
symfony/symfony                          v2.7.13            The Symfony PHP framework

$ composer show | grep sonata
sonata-project/admin-bundle              2.3.10             Symfony SonataAdminBundle
sonata-project/block-bundle              2.2.15             Symfony SonataBlockBundle
sonata-project/cache                     1.0.7              Cache library
sonata-project/core-bundle               2.3.11             Symfony SonataCoreBundle
sonata-project/doctrine-extensions       1.0.2              Doctrine2 behavioral extensions
sonata-project/doctrine-orm-admin-bundle 2.3.4              Symfony Sonata / Integrate Doctrine ORM into the SonataAdminBundle
sonata-project/easy-extends-bundle       2.1.10             Symfony SonataEasyExtendsBundle
sonata-project/exporter                  1.4.1              Lightweight Exporter library
sonata-project/google-authenticator      1.0.2              Library to integrate Google Authenticator into a PHP project
sonata-project/user-bundle               2.2.5              Symfony SonataUserBundle

Roles in the security.yml configuration file:

role_hierarchy:
    ROLE_ADMIN:       [ROLE_USER, ROLE_SONATA_ADMIN]
    ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

Logged in as a user with only ROLE_ADMIN, the following dumps from the UserAdmin class:

dump($this->isGranted('ROLE_ALLOWED_TO_SWITCH'));
dump($this->isGranted('ROLE_BLA_BLA_BLA'));
dump($this->isGranted('ROLE_USER'));

print (in the dev environment) in the Symfony toolbar:

true
true
true

If I put the dumps in an overridden Sonata template, such as app/Resources/SonataAdminBundle/views/CRUD/[anytemplate].html.twig:

{{ dump(is_granted('ROLE_ALLOWED_TO_SWITCH')) }}
{{ dump(is_granted('ROLE_BLA_BLA_BLA')) }}
{{ dump(is_granted('ROLE_USER')) }}

they return the correct values:

false
false
true

I got into this because this line in SonataUserBundle has no effect: https://github.com/sonata-project/SonataUserBundle/blob/3.x/Admin/Model/UserAdmin.php#L95

The isGranted() usage is described here: http://symfony.com/doc/current/bundles/SonataAdminBundle/reference/security.html#usage

Am I doing something wrong, or is this a bug?

EDIT

Thanks to @mickadoo's comment, I noticed that I had the default handler sonata.admin.security.handler.noop, which supposedly always returns true, whatever that means. I set it to sonata.admin.security.handler.role and created some roles (ROLE_SONATA_USER_ADMIN_USER_LIST, ROLE_SONATA_USER_ADMIN_USER_VIEW), and now it returns the correct values for $this->isGranted('LIST') and $this->isGranted('VIEW'), but it always returns false for $this->isGranted('ROLE_USER').

How can I check this role?

3 answers:

Answer 0 (score: 2)

Generic, non-entity roles such as ROLE_USER, ROLE_ADMIN, ROLE_SUPER_ADMIN and ROLE_{CUSTOM_STRING} should be checked using the default Symfony security context.

In the Admin class:

$securityContext = $this->getConfigurationPool()->getContainer()->get('security.context');

if ($securityContext->isGranted('ROLE_USER')) {
    // Your PHP code here
}

In a Twig template:

{% if is_granted('ROLE_USER') %}
    Your HTML/Twig content here.
{% endif %}

Entity action roles such as ROLE_SONATA_USER_ADMIN_USER_LIST, ROLE_SONATA_USER_ADMIN_USER_VIEW and ROLE_{CUSTOM_SONATA_ADMIN_SERVICE_NAME}_{ACTION} can be checked using either the Sonata admin helper or the Symfony security context.

In the Admin class:

// Using Symfony security context
$securityContext = $this->getConfigurationPool()->getContainer()->get('security.context');

if ($securityContext->isGranted('ROLE_SONATA_USER_ADMIN_USER_LIST')) {
    // your code here
}

// Using Sonata helper for shorter syntax
if ($this->isGranted('LIST')) {
    // your code here
}

In a Twig template:

<!-- Using Symfony security context -->
{% if is_granted('ROLE_SONATA_USER_ADMIN_USER_LIST') %}
    Your HTML/Twig content here.
{% endif %}

<!-- Using Sonata helper -->
{% if admin.isGranted('LIST') %}
    Your HTML/Twig content here.
{% endif %}
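To make the difference between the two checks concrete, here is an added, constructed model (not Sonata's or Symfony's own code) of what the question observes: Symfony's is_granted() resolves a plain role string through role_hierarchy, while Sonata's role security handler first prefixes the attribute with the admin code, so `$this->isGranted('ROLE_USER')` under handler.role actually tests ROLE_SONATA_USER_ADMIN_USER_ROLE_USER. The admin code `sonata.user.admin.user` is assumed from the role names on the page.

```php
<?php
// Constructed model of the two checks discussed above. It is not Sonata's or
// Symfony's implementation; it only reproduces the mapping the question shows.

// role_hierarchy from the question's security.yml
$hierarchy = [
    'ROLE_ADMIN'       => ['ROLE_USER', 'ROLE_SONATA_ADMIN'],
    'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'],
];

// Expand the user's roles through the hierarchy (transitive closure).
function reachableRoles(array $roles, array $hierarchy): array
{
    $seen = [];
    $queue = $roles;
    while ($queue) {
        $role = array_shift($queue);
        if (isset($seen[$role])) {
            continue;
        }
        $seen[$role] = true;
        foreach ($hierarchy[$role] ?? [] as $child) {
            $queue[] = $child;
        }
    }
    return array_keys($seen);
}

// Model of Symfony's is_granted() / security.context for a plain role string.
function symfonyIsGranted(string $role, array $userRoles, array $hierarchy): bool
{
    return in_array($role, reachableRoles($userRoles, $hierarchy), true);
}

// Model of Sonata's $this->isGranted($attr) under handler.role: the attribute is
// rewritten to ROLE_<ADMIN CODE>_<ATTR> and then checked like any other role.
// (handler.noop returns true for every attribute, which is the question's first symptom.)
function sonataRoleHandlerIsGranted(string $attr, string $adminCode, array $userRoles, array $hierarchy): bool
{
    $prefix = 'ROLE_' . strtoupper(str_replace('.', '_', $adminCode)) . '_';
    return symfonyIsGranted($prefix . $attr, $userRoles, $hierarchy);
}

$user = ['ROLE_ADMIN'];            // the question's logged-in user
$code = 'sonata.user.admin.user';  // assumed admin code, inferred from ROLE_SONATA_USER_ADMIN_USER_*

var_dump(symfonyIsGranted('ROLE_USER', $user, $hierarchy));               // reached via ROLE_ADMIN
var_dump(symfonyIsGranted('ROLE_ALLOWED_TO_SWITCH', $user, $hierarchy));  // only ROLE_SUPER_ADMIN has it
var_dump(sonataRoleHandlerIsGranted('LIST', $code, $user, $hierarchy));   // needs ROLE_SONATA_USER_ADMIN_USER_LIST
var_dump(sonataRoleHandlerIsGranted('ROLE_USER', $code, $user, $hierarchy)); // tests ROLE_SONATA_USER_ADMIN_USER_ROLE_USER
```

Granting ROLE_SONATA_USER_ADMIN_USER_LIST to the user (directly or via the hierarchy) flips the LIST check, while the ROLE_USER check through the Sonata helper stays false because the prefixed role never exists; that is why the answer sends generic roles to the Symfony context instead.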

Answer 1 (score: 1)

This works for me with Sonata Admin and Symfony 4:

use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;

/**
 * @param string $role
 * @return bool
 */
protected function checkUserHasRole(string $role): bool
{
    // Symfony 4 no longer has security.context; the authorization checker replaces it.
    $securityContext = $this->getConfigurationPool()->getContainer()->get('security.authorization_checker');
    try {
        return $securityContext->isGranted($role);
    } catch (AuthenticationCredentialsNotFoundException $e) {
        // No token in storage (e.g. called outside a firewall): treat as not granted.
        return false;
    }
}

Answer 2 (score: 0)

Working on a project right now, and it seems isGranted is doing this in the admin class. The workaround I found is, in the Admin class:

if ($this->getContainer()->get('security.token_storage')->getToken()->getUser()->getRoles()[0] == 'ROLE_EMPLOYEE') {}

It returns the role you assigned when creating the user (no inheritance). You of course need to satisfy the inheritance requirement, so you have to list all the roles you want to allow or disallow, whichever list is shorter. Check that getUser() is not null and that getRoles() returns an array.