Symfony 3 - I have some difficulties to manage my roles
I'm trying to establish roles on my site. I have 3 administration pages:
The ROLE_ADMIN must be able to access these 3 links.
ROLE_INFOS must be able to access /admin/information
ROLE_PACKAGES must be able to access /admin/packages
My security.php looks like:

    # app/config/security.yml
    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: bcrypt

        role_hierarchy:
            ROLE_ADMIN: ROLE_USER, ROLE_INFOS, ROLE_PACKAGES
            ROLE_INFOS: ROLE_INFOS, ROLE_USER
            ROLE_PACKAGES: ROLE_PACKAGES, ROLE_USER
            ROLE_USER: ROLE_USER

        # ...

        access_control:
            - { path: ^/admin/paquets, role: ROLE_PACKAGES }
            - { path: ^/admin/informations, role: ROLE_INFOS }
            - { path: ^/admin, role: ROLE_ADMIN }
            - { path: ^/accueil, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/, role: ROLE_USER }

I wanted to know if my way of organizing this is correct?
In addition, on my site, I have a navbar that displays different tabs depending on the role of the user.
I have a tab "Management" which is actually a drop-down menu pointing to the 3 possible links (packages, users, information).
Only, I have this in my base.html.twig:

    {% if is_granted('ROLE_ADMIN') %}

This condition shows me the management tab for the admins. I would like it to be displayed for each of the roles I mentioned (ROLE_ADMIN, ROLE_INFO, ROLE_PACKAGES).
Do I have to make something like:

    {% if is_granted('ROLE_ADMIN') %} or
    {% if is_granted('ROLE_INFOS') %} or
    {% if is_granted('ROLE_PACKAGES') %}

Thanks for your help
You can manage it as you have already done, but...

    # app/config/security.yml
    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: bcrypt

        role_hierarchy:
            ROLE_ADMIN: [ROLE_USER, ROLE_INFOS, ROLE_PACKAGES]
            ROLE_INFOS: [ROLE_USER]
            ROLE_PACKAGES: [ROLE_USER]

In your view you can hide some links by using:

    {% if is_granted('ROLE_ADMIN') %}
        <a href="{{ path('packages_foo') }}">Link to admin packages</a>
    {% endif %}

Be aware that only the security annotation in a controller manages security access. If you only use the code above, a user can access the page if they know the URL of the administration page.
In your controller, you can set security with security annotations, which is a better practice than the control_access tools in the security.yaml file:

    // src/Controller/PackageController.php
    /* ... */
    use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
    use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
    use Symfony\Component\Routing\Annotation\Route;
    /* ... */
    /**
     * Package controller.
     *
     * @Route("/admin/packages")
     *
     * The role name must match the one defined in role_hierarchy (ROLE_PACKAGES).
     * @Security("is_granted('ROLE_PACKAGES')")
     */
    class PackageController extends AbstractController
    {
        /* ... */
    }

Have a look at the Symfony security annotation documentation.
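
How the question's `access_control` list and the answer's `role_hierarchy` combine on each request, as an added example that is not part of the original posts and not Symfony's own code: a simplified model of hierarchy expansion and of the first-match rule, whose result does not depend on which links the template shows. The `/admin/users` path and the one-role-per-user sample are constructed for illustration.

```php
<?php
// Added example (a simplified model, not Symfony's code). Hierarchy from the answer's security.yml.
const ROLE_HIERARCHY = [
    'ROLE_ADMIN'    => ['ROLE_USER', 'ROLE_INFOS', 'ROLE_PACKAGES'],
    'ROLE_INFOS'    => ['ROLE_USER'],
    'ROLE_PACKAGES' => ['ROLE_USER'],
];
// access_control from the question, in file order: only the first matching path is used.
const ACCESS_CONTROL = [
    ['#^/admin/paquets#',      'ROLE_PACKAGES'],
    ['#^/admin/informations#', 'ROLE_INFOS'],
    ['#^/admin#',              'ROLE_ADMIN'],
    ['#^/accueil#',            'IS_AUTHENTICATED_ANONYMOUSLY'],
    ['#^/#',                   'ROLE_USER'],
];

/** Expand the roles assigned to a user to every role reachable through the hierarchy. */
function reachableRoles(array $assigned): array
{
    $seen = [];
    $queue = $assigned;
    while ($queue) {
        $role = array_pop($queue);
        if (!isset($seen[$role])) { // skip roles already expanded (guards against cycles)
            $seen[$role] = true;
            $queue = array_merge($queue, ROLE_HIERARCHY[$role] ?? []);
        }
    }
    return array_keys($seen);
}

/** Decide access from the first matching rule only, ignoring all later rules. */
function isAllowed(string $path, array $assigned): bool
{
    foreach (ACCESS_CONTROL as [$pattern, $required]) {
        if (preg_match($pattern, $path)) {
            return $required === 'IS_AUTHENTICATED_ANONYMOUSLY'
                || in_array($required, reachableRoles($assigned), true);
        }
    }
    return true; // no rule matched: access_control places no restriction on the path
}

// Constructed sample: one assigned role per user; /admin/users is an assumed path.
foreach ([['ROLE_INFOS'], ['ROLE_PACKAGES'], ['ROLE_ADMIN']] as $roles) {
    foreach (['/admin/informations', '/admin/paquets', '/admin/users'] as $path) {
        printf("%-14s %-20s %s\n", $roles[0], $path, isAllowed($path, $roles) ? 'allow' : 'deny');
    }
}
```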