我有带注释* @Security("is_granted('PERM_MODULE_OUTBOUND_INVOICES_READ')")的控制器,我在此控制器中为某些操作编写测试,创建用户和loginIn,以及当此操作的调用路径出错时
Expression "is_granted('PERM_MODULE_OUTBOUND_INVOICES_READ')" denied access.
向用户PERM_MODULE_OUTBOUND_INVOICES_READ添加角色时仍有拒绝访问权限
当评论tgis并且在行动中检查当前用户被授予true
/**
* @Route("/manage/new_outbound_invoices", name="new_outbound_invoices")
*/
public function outBoundInvoiceListsAction(Request $request)
{
$check = $this->get('security.authorization_checker')
->isGranted('PERM_MODULE_OUTBOUND_INVOICES_READ', $this->getUser());
但是由于安全注释访问被拒绝,为什么不理解 这是我的考试
$user = $this->user;
$this->logIn($user);
//$t = $this->getContainer()->get('security.context')->getToken(); try get token and have null, but in action have user from session
$this->client->setServerParameter('HTTP_HOST', 'erp.houseoptima.fi.local');
$crawler = $this->client->request('GET', '/economy/manage/new_outbound_invoices');
LogIn
的这个功能 public function logIn(User $user)
{
$session = $this->client->getContainer()->get('session');
$firewall = 'main';
$token = new UsernamePasswordToken($user, null, $firewall, $user->getRoles());
$session->set('_security_'.$firewall, serialize($token));
$session->save();
$cookie = new Cookie($session->getName(), $session->getId());
$this->client->getCookieJar()->set($cookie);
}
这种安全性有什么问题?注释错误403 withot 200,当签入操作被授予时,用户具有真实
答案 0 :(得分:2)
您需要传递User对象
/**
* @Security("is_granted('PERM_MODULE_OUTBOUND_INVOICES_READ', user)")
*/
public function indexAction(User $user)
{