[英]what symfony2 access_control really does?
lets say that i have three roles: 让我说我有三个角色:
1) ADMIN_ROLE
2) USER_ROLE
3) COMPANY_ROLE
Now I have bundles for each of that roles. 现在我为每个角色都有捆绑。
1) AdminBundle
2) UserBundle
3) CompanyBundle
I have three routes 我有三条路线
1) /admin
2) /user
3) /company
I do not want to check ho user is (what is his role) in every controller in every bundle. 我不想在每个包中的每个控制器中检查用户是什么(他的角色是什么)。 Will this part of symfony security do that for me:
这部分symfony安全性会为我做这件事:
-{ path: ^/admin, roles: ROLE_ADMIN } #only ROLE_ADMIN will be able to see this
-{ path: ^/user, roles: ROLE_USER } #only ROLE_USER will be able to see this
-{ path: ^/company, roles: ROLE_COMPANY } #only ROLE_COMPANY will be able to see this
My questions are: 我的问题是:
1) Is it possible to have ROLE_COMPANY (or any other custom role for that metter)? 1)是否可以拥有ROLE_COMPANY(或该metter的任何其他自定义角色)?
2) Will access_control do checking of logged in users roles and lets say if I am ROLE_ADMIN and trying to access some page that is for ROLE_USER, will symfony handle that and say "this is not for admin, this is for user"? 2)access_control会检查已登录的用户角色,并说如果我是ROLE_ADMIN并尝试访问某个用于ROLE_USER的页面,symfony会处理并说“这不适用于管理员,这是针对用户的”吗?
3) If symfony can not handle this for me, is it possible to have some Event listener on every page open/refresh that will check this for me? 3)如果symfony无法为我处理这个问题,是否可以在每个页面上打开/刷新一些事件监听器来检查这个?
I do not want to check in every controller who logged user is. 我不想检查登录用户的每个控制器。 It is kind of stupid.
这有点愚蠢。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.