[英]Symfony: un-secure a backend module for certain kinds of users. How?
Straight to the point -- I have a Symfony 1.3 / Propel 1.4 project.直截了当——我有一个 Symfony 1.3 / Propel 1.4 项目。 I have a module which is secured via
is_secure: true
in its own security.yml
.我有一个通过
is_secure: true
在它自己的security.yml
中保护的模块。 I want this module to be accessible not only for super admins -- I am using the sfGuardPlugin
symfony plugin.我希望这个模块不仅可供超级管理员访问——我正在使用
sfGuardPlugin
symfony 插件。 The module is located in the backend
app.该模块位于
backend
应用程序中。
I would like to make the module accessible to users who have any value of their type
property.我想让具有任何
type
属性值的用户可以访问该模块。 Regular users of the site have NULL
in there, all of the rest have a value of some kind.该网站的普通用户在那里有
NULL
,所有 rest 都有某种价值。 When I change the security directive to is_secure: false
(just to test it), I then go to /admin
and do login with a user who has some type
, I get properly redirected to /admin/purchases
(the only non-secured backend
module) but with security error message -- "You do not have access to show this page" or something along the lines.当我将安全指令更改为
is_secure: false
(只是为了测试它),然后我将 go 更改为/admin
并使用具有某种type
的用户登录,我被正确重定向到/admin/purchases
(唯一的非安全backend
模块),但带有安全错误消息——“您无权显示此页面”或类似的内容。
Since I am not quite so familiar with sfGuardPlugin
(and Symfony's security in general), I would like some help as to how do I do this, please.由于我对
sfGuardPlugin
(以及 Symfony 的一般安全性)不太熟悉,所以我希望得到一些关于如何执行此操作的帮助。
See documentation about action security.请参阅有关操作安全性的文档。
Use group permissions from sfGuardPlugin to automatically ad credentials for users of your choice (see extra documentation for sfGuardPlugin in order to understand how the plugin converts user groups and permissions into credentials)使用 sfGuardPlugin 的组权限自动为您选择的用户广告凭据(请参阅 sfGuardPlugin 的额外文档以了解插件如何将用户组和权限转换为凭据)
If you don't want to relay on the security.yml credentials, you could also handle this inside an action:如果您不想中继 security.yml 凭据,您也可以在操作中处理此问题:
public function executeIndex($request){
if(!$this->getUser()->hasGroup('desired-group')){
$this->getUser->setFlash('message', 'You do not have access to show this page');
return $this->redirect('admin/purchases');
}
// more logic here
}
If this works for more actions of your module, yould could use the preExecute() methode in case of DRY (dont repeat yourself…)如果这适用于您的模块的更多操作,您可以在 DRY 的情况下使用 preExecute() 方法(不要重复自己......)
As long as you've got the right credentials for each user.只要您拥有每个用户的正确凭据。 In your backend modules security.yml file you can do this:
在您的后端模块 security.yml 文件中,您可以这样做:
all:
credentials: [[admin, developer]]
Or you can do individual actions:或者您可以执行个别操作:
requestView:
credentials: [[supporter, admin, developer]]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.