我尝试了解ACL的工作原理,但即使我为项目设置了它们(在这种情况下为$client),每个人都可以访问。
设置ACL
public function setACL($repository, $mask, $selectUser = false)
{
$objectIdentity = ObjectIdentity::fromDomainObject($repository);
$acl = $this->aclProvider->createAcl($objectIdentity);
if($selectUser === false){
$user = $this->tokenStorage->getToken()->getUser();
}else{
$user = $this->entityManager->getRepository('AppBundle:User')->find($selectUser);
}
$securityIdentity = UserSecurityIdentity::fromAccount($user);
$acl->insertObjectAce($securityIdentity, $mask);
$this->aclProvider->updateAcl($acl);
return;
}
$selectUser用于手动设置(通过Console Comannd等),它是否以这种方式工作?
获取ACL
public function getACL($repository, $granted)
{
if (is_array($repository)) {
foreach ($repository as $rp) {
if (false === $this->authorizationChecker->isGranted($granted, get_class($rp))) {
$this->get('log')->writeLog('Access denied.', __LINE__, 3);
return new JsonResponse(array(
'result' => 'error',
'message' => 'Not allowed'
));
}
}
} else {
if (false === $this->authorizationChecker->isGranted($granted, get_class($repository))) {
$this->get('log')->writeLog('Access denied.', __LINE__, 3);
return new JsonResponse(array(
'result' => 'error',
'message' => 'Not allowed'
));
}
}
return true;
}
为$client
$this->get('global_functions')->setACL($client, MaskBuilder::MASK_OWNER);
但是当我尝试
时获取ACL
$this->get('global_functions')->getACL($client, 'VIEW');
我可以使用我正在尝试的任何用户访问...
我哪里错了?
答案 0 :(得分:2)
自己解决了......
$this->authorizationChecker->isGranted($granted, get_class($repository))应为$this->authorizationChecker->isGranted($granted, $repository)