[英]Symfony security is granted
I have controller with annotation * @Security("is_granted('PERM_MODULE_OUTBOUND_INVOICES_READ')")
and I write test for some action in this controller, create user and loginIn, and when call rout for this action have error 我的控制器带有注释
* @Security("is_granted('PERM_MODULE_OUTBOUND_INVOICES_READ')")
,我在此控制器中为某些操作编写了测试,创建了用户和loginIn,并且为此操作调用rout时出错
Expression "is_granted('PERM_MODULE_OUTBOUND_INVOICES_READ')" denied access.
when add role to user PERM_MODULE_OUTBOUND_INVOICES_READ
still have access denied 当向用户
PERM_MODULE_OUTBOUND_INVOICES_READ
添加角色时,访问仍然被拒绝
when commented tgis and in action check current user is granted have true
当评论tgis并在操作中检查当前用户是否被授予为
true
/**
* @Route("/manage/new_outbound_invoices", name="new_outbound_invoices")
*/
public function outBoundInvoiceListsAction(Request $request)
{
$check = $this->get('security.authorization_checker')
->isGranted('PERM_MODULE_OUTBOUND_INVOICES_READ', $this->getUser());
but with security annotation access denied why not understand this is my test 但是拒绝了安全注释访问,为什么不理解这是我的测试
$user = $this->user;
$this->logIn($user);
//$t = $this->getContainer()->get('security.context')->getToken(); try get token and have null, but in action have user from session
$this->client->setServerParameter('HTTP_HOST', 'erp.houseoptima.fi.local');
$crawler = $this->client->request('GET', '/economy/manage/new_outbound_invoices');
this function for LogIn 此功能用于登录
public function logIn(User $user)
{
$session = $this->client->getContainer()->get('session');
$firewall = 'main';
$token = new UsernamePasswordToken($user, null, $firewall, $user->getRoles());
$session->set('_security_'.$firewall, serialize($token));
$session->save();
$cookie = new Cookie($session->getName(), $session->getId());
$this->client->getCookieJar()->set($cookie);
}
What problem with this security ? 这种安全性有什么问题? With annotation error 403 withot 200 and when check in action is granted user have true
注释错误403取消200,并且在准予签入操作时,用户具有true
You need to pass the User
object 您需要传递
User
对象
/**
* @Security("is_granted('PERM_MODULE_OUTBOUND_INVOICES_READ', user)")
*/
public function indexAction(User $user)
{
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.