fos user: allow route to many roles even if user has just one role

In my Symfony project, using the FOS bundle, I have 4 roles like this:

  • ROLE_USER_ONE
  • ROLE_USER_TWO
  • ROLE_USER_THREE

They can't access the same views, except for one. This is my controller for rendering the view:

/**
 * @Security("has_role('ROLE_USER_ONE', 'ROLE_USER_TWO', 'ROLE_USER_THREE')")
 * @Route("/add-note", name="add_user_note")
 * @Method({"GET"})
 */
public function addNoteToUserAction()
{
  $securityContext = $this->container->get('security.authorization_checker');

  if ($securityContext->isGranted('ROLE_USER_ONE', 'ROLE_USER_TWO', 'ROLE_USER_THREE')) {
    /* ... some persist datas and process here ... */
    return $this->render('MyBundle:NoteUser:addNote.html.twig', array());
  } else {
    throw new \Exception('You have no right to access this page');
  }
}

To test the view rendering, I created a user with the role ROLE_USER_TWO. When I render the view, I get this error:

Expression "has_role('ROLE_USER_ONE', 'ROLE_USER_TWO', 'ROLE_USER_THREE')" denied access.

As I understand it, Symfony expected the user to have all the roles. How can I allow access to the view for a user who has at least one of these roles, in my controller annotations and controller code?

Instead of trying to put every role into the same has_role() statement, you have to concatenate them with or like this:

@Security("has_role('ROLE_USER_ONE') or has_role('ROLE_USER_TWO') or has_role('ROLE_USER_THREE')")

This way, you are actually checking that the current user has at least one of these roles instead of all of them.

I suppose you're looking for role hierarchy. Your configuration will be like:

security:
    # ...

    role_hierarchy:
        ROLE_USER_ONE: ROLE_USER_BASE
        ROLE_USER_TWO: ROLE_USER_BASE
        ROLE_USER_THREE: ROLE_USER_BASE

So users with the ROLE_USER_ONE role also have the role ROLE_USER_BASE, etc. Then, in your controller you just need to check for ROLE_USER_BASE:

/**
 * @Security("has_role('ROLE_USER_BASE')")
 * @Route("/add-note", name="add_user_note")
 * @Method({"GET"})
 */
public function addNoteToUserAction()
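
Both answers, modelled in plain PHP as an added example (not part of the original posts and not Symfony's implementation): reachableRoles() and hasAnyRole() are hypothetical helpers, and the hierarchy array is constructed to mirror the role_hierarchy block above. It shows that either approach admits the ROLE_USER_TWO user to the shared view while role-specific checks stay closed.

```php
<?php
// Added example: simplified model of role-hierarchy expansion, not Symfony's code.

/** Expand a user's roles with every role reachable through the hierarchy map. */
function reachableRoles(array $hierarchy, array $userRoles): array
{
    $seen = [];
    $queue = $userRoles;
    while ($queue) {
        $role = array_pop($queue);
        if (isset($seen[$role])) {
            continue; // already expanded; also guards against cyclic hierarchies
        }
        $seen[$role] = true;
        // A hierarchy entry may name one inherited role or a list of them.
        foreach ((array) ($hierarchy[$role] ?? []) as $inherited) {
            $queue[] = $inherited;
        }
    }
    return array_keys($seen);
}

/** True when the user holds at least one of the required roles. */
function hasAnyRole(array $effectiveRoles, array $required): bool
{
    return count(array_intersect($required, $effectiveRoles)) > 0;
}

// Constructed sample data mirroring the role_hierarchy configuration on this page.
$hierarchy = [
    'ROLE_USER_ONE'   => 'ROLE_USER_BASE',
    'ROLE_USER_TWO'   => 'ROLE_USER_BASE',
    'ROLE_USER_THREE' => 'ROLE_USER_BASE',
];

$userTwo  = reachableRoles($hierarchy, ['ROLE_USER_TWO']);
$baseOnly = reachableRoles($hierarchy, ['ROLE_USER_BASE']);

// Shared view: the any-of check and the ROLE_USER_BASE check both admit this user.
var_dump(hasAnyRole($userTwo, ['ROLE_USER_ONE', 'ROLE_USER_TWO', 'ROLE_USER_THREE']));
var_dump(hasAnyRole($userTwo, ['ROLE_USER_BASE']));

// Role-specific views stay closed: inheritance runs one way only.
var_dump(hasAnyRole($userTwo, ['ROLE_USER_ONE']));
var_dump(hasAnyRole($baseOnly, ['ROLE_USER_TWO']));
```

With the hierarchy approach, keep ROLE_USER_BASE checks on the shared view only; views restricted to one role still need a check for that specific role.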
