Symfony2 - Custom authorization/access control logic
Our system allows for an unlimited level of nested Company entities (domain object), with each User assigned to a single company. For any given user, all users assigned to a company in the tree beneath them are rights managed by that user.
Each User can be assigned certain security attributes for a given class (i.e. the ADD attribute for blog posts) as well as security attributes for an object of a given class (i.e. the EDIT attribute on blog post X). These attributes should also be available to any users above them in the company tree.
It seems like this structure does not fit into the default security roles or Symfony ACL system very well.
Creating an Access Control Entry (ACE) to assign rights for every user that has access to an object seems inefficient, and given the complexity of the user structure outlined above, assigning access to all users of a certain role would be cumbersome.
Is there a way to make this fit with a custom instance of SecurityIdentityInterface, or should I use a custom security voter?
FOSUserBundle will be your solution, and Symfony ACL.
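One way to write the custom security voter the question asks about, as an added example that is not code from the question, the answer or Symfony itself. It implements Symfony 2's VoterInterface; GrantLookup, holdersOf(), getCompany() and getParent() are hypothetical names, and it assumes a grant is inherited only by users whose company sits strictly above the grant holder's company.

```php
<?php
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;

// Hypothetical lookup (not a Symfony API): users granted $attribute on $object or on its class.
interface GrantLookup
{
    public function holdersOf($attribute, $object);
}

class CompanyTreeVoter implements VoterInterface
{
    private $grants;

    public function __construct(GrantLookup $grants) { $this->grants = $grants; }
    public function supportsAttribute($attribute) { return in_array($attribute, array('ADD', 'EDIT'), true); }
    public function supportsClass($class) { return true; }

    public function vote(TokenInterface $token, $object, array $attributes)
    {
        $user = $token->getUser();
        if (!is_object($user) || !method_exists($user, 'getCompany')) {
            return self::ACCESS_ABSTAIN; // anonymous token or unrelated user class
        }
        $result = self::ACCESS_ABSTAIN;
        foreach (array_filter($attributes, array($this, 'supportsAttribute')) as $attribute) {
            $result = self::ACCESS_DENIED; // supported attribute: deny unless a grant matches
            foreach ($this->grants->holdersOf($attribute, $object) as $holder) {
                if ($holder === $user || $this->isBelow($holder->getCompany(), $user->getCompany())) {
                    return self::ACCESS_GRANTED; // own grant, or holder is beneath this user
                }
            }
        }
        return $result;
    }

    // True when $company is a strict descendant of $ancestor (walks hypothetical getParent()).
    private function isBelow($company, $ancestor)
    {
        $seen = array();
        for ($c = $company ? $company->getParent() : null; $c !== null; $c = $c->getParent()) {
            if ($c === $ancestor) { return true; }
            if (isset($seen[spl_object_hash($c)])) { return false; } // cyclic tree: fail closed
            $seen[spl_object_hash($c)] = true;
        }
        return false;
    }
}
```

Symfony picks the voter up when it is registered as a service tagged `security.voter`. One grant row per holder is enough, because the upward walk replaces an ACE for every ancestor user.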
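Notice: the technical posts on this site are licensed under CC BY-SA 4.0. If you reproduce this page, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.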