[英]Alternatives to isGranted in Symfony2
While testing roles in my application I found the function isGranted
of the SecurityContext
. 在我的应用程序中测试角色时,我发现了
SecurityContext
的函数isGranted
。 It works great but now I need to check the roles of a user that is not the current user so isGranted
doesn't work for me. 它工作得很好,但现在我需要检查不是当前用户的用户的角色,因此
isGranted
对我不起作用。
I've been looking and I found the function hasRole
of the user, the problem is that this function doesn't look in the hierarchy tree of Symfony and it just looks in the roles assigned to the user. 我一直在寻找,我发现用户的函数
hasRole
,问题是这个函数没有查看Symfony的层次结构树,它只是查看分配给用户的角色。
So, Is there a function that looks for a role of a user looking in the hierarchy tree like isGranted
do for the current user? 那么,是否有一个函数可以查找像
isGranted
那样在当前用户中查找层次结构树的用户的角色?
EDIT 编辑
I found this solution: 我发现这个解决方案:
How to use the AccessDecisionManager in Symfony2 for authorization of arbitrary users? 如何在Symfony2中使用AccessDecisionManager来授权任意用户?
I implemented it and it works, the problem is that it needs the ContainerBuilder
and I would prefer a different approach. 我实现它,它的工作原理,问题是它需要
ContainerBuilder
,我宁愿采用不同的方法。
Any Idea? 任何的想法?
Basically AFAIK SecurityContext work with Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface
from where can fetch current user using getUser
method. 基本上AFAIK SecurityContext可以与
Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface
使用,从中可以使用getUser
方法获取当前用户。
If user token is not authenticated then isGranted
trying authenticate user token first and then use class called AccessDecisionManager
which basically iterate over voters objects and call them (and can use different strategies for that) One of called voters is RoleHierarchyVoter
which use Symfony\\Component\\Security\\Core\\Role\\RoleHierarchy
. 如果用户令牌未经过身份验证,则
isGranted
尝试验证用户令牌,然后使用名为AccessDecisionManager
类,它基本上遍历选民对象并调用它们(并且可以使用不同的策略)其中一个被调用的选民是RoleHierarchyVoter
,它使用Symfony\\Component\\Security\\Core\\Role\\RoleHierarchy
。
So answer to your question: 所以回答你的问题:
I think that is no such function like isGranted for other users (or do not know about any), but you can write own service which allow to that using security.role_hierarchy
(just notice that is private service). 我认为对于其他用户来说没有像isGranted这样的函数(或者不知道任何用户),但你可以使用
security.role_hierarchy
编写自己的服务(只需注意这是私有服务)。
BTW hasRole
probably should be sufficient most of the time, so maybe you should think about what do you want to do ;) BTW
hasRole
在大多数时候可能应该足够了,所以也许你应该考虑一下你想做什么;)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.