stackoom
  简体   繁体   中英

Bind one route to different controllers depending on user roles

 原文  2012-04-17 11:25:29       symfony

Question

In my Symfony 2 app I have 3 different user roles that can have access to a backend administration part : 

role_hierarchy:
    ROLE_STAFF:     ROLE_USER
    ROLE_MODERATOR: ROLE_STAFF
    ROLE_ADMIN:     ROLE_MODERATOR

For a route like http://example.org/admin/post/ , I'd like my app to display different informations depending on the user role, which means 3 controllers binding to an only route .

What's the best way to handle this ?

I was thinking about some solutions but none seems to be good for me :

  1. One controller, and in each action I just test user role : 

     <?php /** * @Route("/admin/post") */ class PostController extends Controller { /** * Lists all post entities. * * @Route("/", name="post_index") * @Template() * @Secure(roles="ROLE_STAFF") */ public function indexAction() { $user = $this->get('security.context')->getToken()->getUser(); if ($this->get('security.context')->isGranted('ROLE_STAFF')) { // Do ROLE_STAFF related stuff } else if ($this->get('security.context')->isGranted('ROLE_MODERATOR')) { // Do ROLE_MODERATOR related stuff } else if ($this->get('security.context')->isGranted('ROLE_ADMIN')) { // Do ROLE_ADMIN related stuff } return array('posts' => $posts); } }

    Even if that does the job, IMO obviously that's not a good design.

  2. One BackendController that dispatch to 3 different controllers : 

     <?php /** * @Route("/admin/post") */ class PostBackendController extends Controller { /** * Lists all post entities. * * @Route("", name="admin_post_index") * @Template("AcmeBlogBundle:PostAdmin:index.html.twig") * @Secure(roles="ROLE_STAFF") */ public function indexAction() { if ($this->get('security.context')->isGranted('ROLE_STAFF')) { $response = $this->forward('AcmeBlogBundle:PostStaff:index'); } else if ($this->get('security.context')->isGranted('ROLE_MODERATOR')) { $response = $this->forward('AcmeBlogBundle:PostModerator:index'); } else if ($this->get('security.context')->isGranted('ROLE_ADMIN')) { $response = $this->forward('AcmeBlogBundle:PostAdmin:index'); } return $response; } }

    Same as number one.

  3. I tried to make controllers extends each others : 

     <?php /** * @Route("/admin/post") */ class PostStaffController extends Controller { /** * Lists all post entities. * * @Route("/", name="post_index") * @Template() * @Secure(roles="ROLE_STAFF") */ public function indexAction() { $user = $this->get('security.context')->getToken()->getUser(); // Do ROLE_STAFF related stuff return array('posts' => $posts); } } <?php /** * @Route("/admin/post") */ class PostModeratorController extends PostStaffController { /** * Lists all post entities. * * @Route("/", name="post_index") * @Template() * @Secure(roles="ROLE_MODERATOR") */ public function indexAction() { $user = $this->get('security.context')->getToken()->getUser(); // As PostModeratorController extends PostStaffController, // I can either use parent action or redefine it here return array('posts' => $posts); } } <?php /** * @Route("/admin/post") */ class PostAdminController extends PostModeratorController { /** * Lists all post entities. * * @Route("/", name="post_index") * @Template() * @Secure(roles="ROLE_ADMIN") */ public function indexAction() { $user = $this->get('security.context')->getToken()->getUser(); // Same applies here return array('posts' => $posts); } }

    IMO it's a better design but I can't manage to make it works. The routing system stops on the first controller it matches. I'd like to make it act king of cascading style automatically (ie if user is staff then go to PostStaffController, otherwise if user is moderator go to PostModeratorController, otherwise go to PostAdminController).

  4. Add a listener to kernel.controller in my BlogBundle which will do the same job as number 2 ?

I'm looking for the best designed and the more flexible solution has there's chance that we add more roles in the future.

4 answers

solution1
 1  2017-08-09 08:12:04

IMHO, You sholdn't fire different controllers for the same route based on roles. It's just different responsibilities. Routes are for select controller, role are for privileges. After a year you will not remember the trick, ie. when you will trying add new role.

Of course the problem of different content for different roles is quite often, so my favorite solutions in this case are:

  1. When the controller for different roles is much different, I use different routes with redirect when needed.
  2. When the controller is similar but content is different, ie. different database query conditions, I use solution similar to yours 2. but instead forwading, use private/protected methods from the same controller to make the Job. There is one hack - You must check role from top to down, ie. first check ROLE_ADMIN, next ROLE_OPERATOR and last ROLE_STAFF, because when your ROLE_ADMIN inherit from ROLE_STAFF, then block for user catch it.
  3. When the difference is just in some blocks of information that should be shown/hide for different roles, I stay with one controller and check role in template to determine which block render or not.

solution2
 0  2012-04-17 16:19:46

How about an automated version of your second solution? Like: 

    // Roles ordered from most to least significant (ROLE_ADMIN -> ROLE_MODERATOR -> etc)
    $roles = $myUserProvider->getRoles();
    foreach ($roles as $role) {
        // add a check to test, if the function you're calling really exists
        $roleName = ucfirst(strtolower(mb_substr($role, 0, 5)));
        $response = $this->forward(sprintf('AcmeBlogBundle:Post%s:index', $roleName))

        break;
    }

    // Check that $response is not null and do something with it ...

Since I don't have your setup I haven't tested the code above. Btw: what is the difference between the different method to post something?

solution3
 0  2012-04-18 03:04:28

see http://symfony.com/doc/current/book/internals.html#kernel-controller-event

should do the trick, and make sure to inject security.context service

solution4
 0  2015-09-02 12:10:22

in vendor/symfony/symfony/src/Symfony/Component/Routing/Router.php

There is an option to replace the matcher_class which should be possible in config.yml .

If you subclass UrlMatcher and overRide matchRequest that will take precedence over the Path match (url only).

matchRequest takes a parameter $request (Request object)

The Request object should contain the user information provided the security provider listener runs before the router listener and allow you select the route by combining the URL and User Role. The Routes are stored in an array indexed by name so the names will need to be different.

You could possibly use names like post_index[USER] post_index[STAFF] post_index[MODERATOR]

In order to generate the urls with {{ path('post_index', {...}) }} you will also need to replace the subclass the URLGenerator and inject that into the Router with the generator_class option.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to use different controllers, depending on the user role, for the same route? How to have one URL for two controllers depending of roles in Symfony? User roles in route settings Routing to different controllers depending on authentication fos user: allow route to many roles even if user have just one role Should i make one user table or more depending upon their roles in symfony2 and mysql Same User, multiple accounts with different roles Symfony get user defined with different classes for roles Symfony2 - How to use multiple controllers in one route? Redirect to different action depending on User Status
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM