Protecting controller actions and routes in Symfony
Official documentation on Symfony pages suggests using the ROLE_ADMIN (example) attribute in the ACL call:
$this->denyAccessUnlessGranted('ROLE_ADMIN', null, 'Unable to access this page!');
My question is if it is possible to use the ACL call without the ROLE_ prefix.
The issue is that we have multiple systems without ROLES but with permissions such as "USER.CREATE" or "USER_CREATE", which would protect the route POST /user/create and the action Create() in UserController.
The best solution would be to have a Voter which would call the ACL as
$objectName = 'USER';
$action = 'CREATE';
$this->denyAccessUnlessGranted($objectName. '_'. $action, null, 'Unable to access this page!');
But this does not work because everything relies on the ROLE_ prefix. Did anyone try to achieve something like this?
IIRC, ROLE is a mandatory prefix in the Symfony role voter and I do not think it can be avoided (it is hardcoded), but you can create your own voters and add the logic you need there. You can read more here:
https://symfony.com/doc/current/security/voters.html
Also a great tutorial for voters:
https://stovepipe.systems/post/symfony-security-roles-vs-voters