如何检查symfony2中的用户角色,以查找不属于模式定义的security.yml的URL?
[英]How do I check for user role in symfony2 for urls not falling under patterns defined security.yml?
问题描述
I have a admin panel and I have defined a role for it ROLE_ADMIN . 
我有一个管理面板,我为它定义了一个角色ROLE_ADMIN 。 In my security.yml file I am using a pattern ^/admin/* so every thing under /admin requires ROLE_ADMIN . 在我的security.yml文件中,我使用的是模式^/admin/*所以/ admin下的每个东西都需要ROLE_ADMIN 。 Now in frontend of my app I need to check user role and if role is ROLE_ADMIN render one file and otherwise render another file. 现在在我的应用程序的前端,我需要检查用户角色,如果角色是ROLE_ADMIN渲染一个文件,否则渲染另一个文件。 This url does not fall under the pattern defined in security.yml. 此URL不属于security.yml中定义的模式。
So how do I check whether the user is admin or a normal user on the homepage which does not fall under the pattern defined in security.yml ? 那么如何在主页上检查用户是管理员还是普通用户,该用户不属于security.yml中定义的模式?
5 个解决方案
解决方案1
29 已采纳 2012-09-06 06:36:23
Enable the firewall on the whole app using the ^/ pattern, permit anonymous access and use access_control to restrict access: 使用^/ pattern在整个应用程序上启用防火墙,允许匿名访问并使用access_control来限制访问:
security:
firewalls:
secured_area:
pattern: ^/
anonymous: ~
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
As @itsmequinn suggested, use the isGranted() method of the security context: 正如@itsmequinn建议的那样,使用安全上下文的isGranted()方法:
if ($this->get('security.context')->isGranted('ROLE_BRAND')) {
// the user has the ROLE_BRAND role, so act accordingly
}
In Symfony 2.6 , security.context has been split into two separate services. 在Symfony 2.6中 , security.context已拆分为两个单独的服务。 Hence you need to use the security.authorization_checker service to solve the problem: 因此,您需要使用security.authorization_checker服务来解决问题:
if ($this->get('security.authorization_checker')->isGranted('ROLE_BRAND')) {
// the user has the ROLE_BRAND role, so act accordingly
}
解决方案2
20 2015-08-06 21:38:17
SecurityContext will be deprecated in Symfony 3.0 SecurityContext将在Symfony 3.0弃用
Prior to Symfony 2.6 you would use SecurityContext . 在Symfony 2.6之前,您将使用SecurityContext 。
SecurityContext will be deprecated in Symfony 3.0 in favour of the AuthorizationChecker . 在Symfony 3.0中将弃用SecurityContext以支持AuthorizationChecker 。
For Symfony 2.6+ & Symfony 3.0 use AuthorizationChecker . 对于Symfony 2.6+和Symfony 3.0使用AuthorizationChecker 。
Symfony 2.5 (and below) Symfony 2.5(及以下)
if ($this->get('security.context')->isGranted('ROLE_ADMIN')) {
# User is a ROLE_ADMIN
}
Symfony 2.6 (and above) Symfony 2.6(及以上)
if ($this->get('security.authorization_checker')->isGranted('ROLE_ADMIN')) {
# User is a ROLE_ADMIN
}
Similar Question: How to check if an user is logged in Symfony2 inside a controller? 类似问题: 如何检查用户是否在控制器内登录Symfony2?
Read more the docs here: AuthorizationChecker 阅读更多文档: AuthorizationChecker
解决方案3
5 2012-09-05 18:54:25
Are you in the controller for the page? 你是该页面的控制器吗? If so, use the isGranted method of the security context: Access Controls for Controllers 如果是这样,请使用安全上下文的isGranted方法: 控制器的访问控制
解决方案4
1 2015-12-06 20:27:18
Easiest solution for this are annotations. 最简单的解决方案是注释。 Instead of this: 而不是这个:
if ($this->get('security.authorization_checker')->isGranted('ROLE_ADMIN')) {
# User is a ROLE_ADMIN
}
.. try use this: ..试试用这个:
/**
* ...
* @Security("has_role('ROLE_ADMIN')")
*/
.. or : .. 要么 :
/**
* ...
* @Security("is_granted('POST_ADD', post)")
*/
public function addAction(Post $post){...}
You can read more about Security annotations here . 您可以在此处阅读有关安全注释的更多信息。 Annotations are best practice in Symfony 2 look here Enjoy! 注释是Symfony的最佳实践2看这里享受!
解决方案5
0 2019-02-17 12:25:46
In Symfony 4 and above you should use code like below, instead of using services like $this->get('security.authorization_checker'): 在Symfony 4及更高版本中,您应该使用如下代码,而不是使用像$ this-> get('security.authorization_checker')这样的服务:
$hasAccess = $this->isGranted('ROLE_ADMIN');
$this->denyAccessUnlessGranted('ROLE_ADMIN');
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.