[英]Symfony 3.4 Access Denied - API REST (Check Profile)
您好,我正在尝试使用 symfony 3.4 创建 api rest。
当我尝试在http://localhost:8000/users/3 (确定输入的令牌)中获取时,这告诉我:访问被拒绝......但是当我删除“@Security(”is_granted('show', 'theUser ')", message="Access denied")"- 有效的 UserController,但您不仅可以检查您的所有配置文件...
用户控制器(获取用户操作):
*/
private $passwordEncoder;
/**
* @var JWTEncoderInterface
*/
private $jwtEncoder;
public function __construct(UserPasswordEncoderInterface $passwordEncoder, JWTEncoderInterface $jwtEncoder)
{
$this->passwordEncoder = $passwordEncoder;
$this->jwtEncoder = $jwtEncoder;
}
/**
* @Rest\View()
* @Security("is_granted('show', 'theUser')", message="Access denied")
*/
public function getUserAction(User $theUser)
{
if (null === $theUser) {
throw new NotFoundHttpException();
}
return $theUser;
}
/**
*
* @Rest\Post(
* path = "/users",
* name = "users_add"
* )
* @Rest\View(StatusCode=201)
* @ParamConverter(
* "user",
* converter="fos_rest.request_body",
* options={"deserializationContent"={"groups"={"Deserialize"}}}
* )
*/
public function postUserAction(User $user, ConstraintViolationListInterface $violations)
{
if (count($violations) > 0) {
$message = 'The user is not valid: ';
foreach ($violations as $violation) {
$message .= sprintf(
"Field %s: %s ",
$violation->getPropertyPath(),
$violation->getMessage()
);
}
throw new ResourceValidationException($message);
}
$user->setPassword(
$this->passwordEncoder->encodePassword(
$user,
$user->getPassword()
)
);
$user->setRoles([User::ROLE_USER]);
$em = $this->getDoctrine()->getManager();
$em->persist($user);
$em->flush();
return $user;
}
}`
USERVOTER: const SHOW = 'show';
/**
* Determines if the attribute and subject are supported by this voter.
*
* @param string $attribute An attribute
* @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type
*
* @return bool True if the attribute and subject are supported, false otherwise
*/
protected function supports($attribute, $subject)
{
if (!in_array($attribute, [self::SHOW])) {
return false;
}
if (!$subject instanceof User) {
return false;
}
return true;
}
/**
* Perform a single access check operation on a given attribute, subject and token.
* It is safe to assume that $attribute and $subject already passed the "supports()" method check.
*
* @param string $attribute
* @param mixed $subject
* @param TokenInterface $token
*
* @return bool
*/
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
switch ($attribute) {
case self::SHOW:
return $this->isUserHimself(
$subject,
$token);
}
return false;
}
/**
* @param $subject
* @param TokenInterface $token
* @return bool
*/
protected function isUserHimself($subject, TokenInterface $token)
{
$authenticatedUser = $token->getUser();
if (!$authenticatedUser instanceof User) {
return false;
}
/**
* @var User $user
*/
$user = $subject;
return $authenticatedUser->getId() === $user->getId();
}
}
好的,这一切都很好!!! 我只是删除了引号: * @Security("is_granted('show', 'theUser')", message="Access denied")到* @Security("is_granted('show', theUser)", message="Access denied")
如果有人可以解释@Sercurity 在您是否加引号时有什么区别,谢谢:)
Symfony 3.4-预期实体获得了EntityManager API REST
[英]Symfony 3.4 - Expected Entity got EntityManager API REST
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.