
Sonata User Bundle - How to restrict users to only be able to edit their own profile?

I'm using Symfony 5 and a development snapshot of the Sonata User Bundle 5 and, as the title says, I would like to restrict the active (authenticated) user to only be able to edit his own profile (and not the profiles of all of the other users with the same role). Currently I just have the choice between all or nothing as the permissions are handled by the roles and all users with the same role have the same permission. Could anyone push me in the right direction?

I wanted to do the same thing as you (with sf 5.4, SonataAdminBundle 4.14 and SonataUserBundle 5.3); I ended up using a custom controller and the preEdit and preShow methods.

<?php
namespace App\Controller;

use Sonata\AdminBundle\Controller\CRUDController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use App\Entity\SonataUserUser;

class CustomCRUDController extends CRUDController
{
    const deniedMessage = "Put your custom access denied message here.";

    // Declared explicitly: PHP 8.2 deprecates dynamic properties.
    private Security $security;

    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    // editAction() calls this before handling the form on both GET and POST,
    // so the check covers the submitted update as well as the rendered page.
    protected function preEdit(Request $request, object $object): ?Response
    {
        if ($object instanceof SonataUserUser) {
            if (!$this->security->isGranted('ROLE_SUPER_ADMIN') &&
                !$this->isOwnProfile($object)) {
                throw new AccessDeniedException(self::deniedMessage);
            }
        }

        return null;
    }

    protected function preShow(Request $request, object $object): ?Response
    {
        if ($object instanceof SonataUserUser) {
            if (!$this->security->isGranted('ROLE_SUPER_ADMIN') &&
                !$this->isOwnProfile($object)) {
                throw new AccessDeniedException(self::deniedMessage);
            }
        }

        return null;
    }

    // Strict comparison of ids. The original preShow compared the user object
    // itself against $object->getId(), which is never equal, so every
    // non-super-admin was denied the show page even for their own record.
    private function isOwnProfile(SonataUserUser $object): bool
    {
        $user = $this->security->getUser();

        return $user instanceof SonataUserUser && $user->getId() === $object->getId();
    }
}

In sonata_admin.yaml:

sonata_admin:
    default_controller: App\Controller\CustomCRUDController

With this, users who don't have the role ROLE_SUPER_ADMIN shouldn't be able to edit or show other users.

I don't know if it is the right way to do it or if it is a solid bug-free solution, but it seems to work for me.

FYI: one could also use a custom voter if they need to properly implement more complex logic.

I'm six months late for @perfetzki but I hope this will be useful for others.
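The voter the answer mentions, as an added example (my code, not the answerer's and not part of SonataUserBundle or SonataAdminBundle). It targets the versions named in the answer (Symfony 5.4, SonataAdminBundle 4.x). `App\Entity\SonataUserUser` is the entity class from the answer; the class names `ProfileVoter` and `ProfileCRUDController`, the attribute names `PROFILE_VIEW` and `PROFILE_EDIT`, and the denial message are assumptions. The controller is wired exactly like the answer's, through `sonata_admin.default_controller`, and relies on the default `services.yaml` autowiring to register both classes (voters are auto-tagged `security.voter`).

```php
<?php
// Two files in one listing for brevity: split at the second namespace
// declaration into src/Security/ProfileVoter.php and
// src/Controller/ProfileCRUDController.php.

namespace App\Security;

use App\Entity\SonataUserUser;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;

/**
 * Votes on PROFILE_VIEW / PROFILE_EDIT for a SonataUserUser subject and
 * abstains for everything else, so it never interferes with the checks
 * Sonata and Symfony already make. (Example code; names are assumptions.)
 */
final class ProfileVoter extends Voter
{
    public const VIEW = 'PROFILE_VIEW';
    public const EDIT = 'PROFILE_EDIT';

    private Security $security;

    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    protected function supports(string $attribute, $subject): bool
    {
        return \in_array($attribute, [self::VIEW, self::EDIT], true)
            && $subject instanceof SonataUserUser;
    }

    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();
        if (!$user instanceof SonataUserUser) {
            return false; // anonymous, or not an application user
        }

        // Security::isGranted() resolves the role hierarchy; $token->getRoleNames()
        // would only list the roles stored on the user entity.
        if ($this->security->isGranted('ROLE_SUPER_ADMIN')) {
            return true;
        }

        /** @var SonataUserUser $subject */
        return null !== $user->getId() && $user->getId() === $subject->getId();
    }
}

namespace App\Controller;

use App\Entity\SonataUserUser;
use App\Security\ProfileVoter;
use Sonata\AdminBundle\Controller\CRUDController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Security;

/**
 * Same job as the answer's CustomCRUDController, but the decision lives in
 * ProfileVoter and preDelete is guarded too.
 */
final class ProfileCRUDController extends CRUDController
{
    private Security $security;

    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    protected function preShow(Request $request, object $object): ?Response
    {
        $this->denyUnlessGrantedOnUser(ProfileVoter::VIEW, $object);
        return null;
    }

    protected function preEdit(Request $request, object $object): ?Response
    {
        $this->denyUnlessGrantedOnUser(ProfileVoter::EDIT, $object);
        return null;
    }

    protected function preDelete(Request $request, object $object): ?Response
    {
        $this->denyUnlessGrantedOnUser(ProfileVoter::EDIT, $object);
        return null;
    }

    private function denyUnlessGrantedOnUser(string $attribute, object $object): void
    {
        // Only user records are restricted. Under the default "affirmative"
        // strategy an attribute no voter supports is denied, so other entity
        // types must not be passed to isGranted() with these attributes.
        if ($object instanceof SonataUserUser && !$this->security->isGranted($attribute, $object)) {
            throw new AccessDeniedException('You may only view or edit your own profile.');
        }
    }
}
```

Two caveats worth knowing before relying on either version. First, the check uses its own attributes rather than a role on purpose: with Symfony's default `affirmative` decision strategy, a role attribute that the built-in RoleVoter grants cannot be vetoed by another voter, whereas `PROFILE_EDIT` is answered by this voter alone. Second, the `pre*` hooks only run for the single-object actions (show, edit, delete); the list, export and batch actions, batch delete included, do not pass through them, so those still have to be restricted with Sonata's role or ACL configuration.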

Notice: technical posts on this site are published under the CC BY-SA 4.0 license; if you repost them, cite this site or the original URL.