
Symfony2 - Custom authorization/access control logic

Our system allows for an unlimited level of nested Company entities (domain object), with each User assigned to a single company. For any given user, all users assigned to a company in the tree beneath them are rights managed by that user.

Each User can be assigned certain security attributes for a given class (i.e. the ADD attribute for blog posts) as well as security attributes for an object of a given class (i.e. the EDIT attribute on blog post X). These attributes should also be available to any users above them in the company tree.

It seems like this structure does not fit into the default security roles or Symfony ACL system very well.

Creating an Access Control Entry (ACE) to assign rights for every user that has access to an object seems inefficient, and given the complexity of the user structure outlined above, assigning access to all users of a certain role would be cumbersome.

Is there a way to make this fit with a custom instance of SecurityIdentityInterface, or should I use a custom security voter?
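The rules described in the question (per-class and per-object attributes, inherited by users higher in the company tree), modelled as an added example that is not part of the original post or of any answer. It is plain PHP rather than Symfony code; the class and method names and the sample data are hypothetical, and it assumes a class-level grant covers every object of that class.

```php
<?php
// Added example, plain PHP 7.1+, no Symfony classes; all names here are hypothetical.
final class CompanyTreeAuthorizer
{
    private $parentOf;     // company id => parent company id, null for a root
    private $companyOf;    // user id => company id
    private $grants = [];  // user id => attribute => class => object id or '*'

    public function __construct(array $parentOf, array $companyOf)
    {
        $this->parentOf = $parentOf;
        $this->companyOf = $companyOf;
    }

    public function grant(int $userId, string $attr, string $class, ?int $objectId = null): void
    {
        $this->grants[$userId][$attr][$class][$objectId ?? '*'] = true; // '*' marks a class-level grant
    }

    // True when $manager's company is a strict ancestor of $user's company.
    private function manages(int $manager, int $user): bool
    {
        if (!isset($this->companyOf[$manager], $this->companyOf[$user])) { return false; }
        $seen = [];
        $c = $this->parentOf[$this->companyOf[$user]] ?? null;
        while ($c !== null && !isset($seen[$c])) {   // a cycle in bad data ends the walk: fail closed
            if ($c === $this->companyOf[$manager]) { return true; }
            $seen[$c] = true;
            $c = $this->parentOf[$c] ?? null;
        }
        return false;
    }

    public function isGranted(int $userId, string $attr, string $class, ?int $objectId = null): bool
    {
        if (!isset($this->companyOf[$userId])) { return false; } // unknown user: deny
        foreach ($this->grants as $holder => $byAttr) {
            // Only the user's own grants and those of users beneath them count.
            if ($holder !== $userId && !$this->manages($userId, $holder)) { continue; }
            $set = $byAttr[$attr][$class] ?? [];
            // Assumption: a class-level grant also covers every object of that class.
            if (isset($set['*']) || ($objectId !== null && isset($set[$objectId]))) { return true; }
        }
        return false;
    }
}
// Constructed data: company 1 > 2 > 3; alice (10) in company 1, carol (30) in company 3.
$auth = new CompanyTreeAuthorizer([1 => null, 2 => 1, 3 => 2], [10 => 1, 30 => 3]);
$auth->grant(30, 'EDIT', 'BlogPost', 7);   // object-level grant held by carol
$auth->grant(10, 'ADD', 'BlogPost');       // class-level grant held by alice
var_dump($auth->isGranted(10, 'EDIT', 'BlogPost', 7)); // alice asks about carol's object grant
var_dump($auth->isGranted(30, 'ADD', 'BlogPost'));     // carol asks about alice's class grant
```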

fosuserbundle will be your solution

fosuserbundle

and symfony acl
