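Maybe someone here can help me. I'm adding blog comments and adding permissions for them.

  • The permissions for the user who created the blog permission are OK.
  • The permissions for users who are not logged in to view the comment are OK too.
  • The admin can't edit/delete the comment... but what is wrong?

Part of the controller code: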

// Creating the ACL
$aclProvider = $this->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($blogComment);
$acl = $aclProvider->createAcl($objectIdentity);

// Creating full access for the admin
$roleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
$acl->insertObjectAce($roleSecurityIdentity, MaskBuilder::MASK_MASTER );

// Creating view rights for the not-logged in users
$roleSecurityIdentity = new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY');
$acl->insertObjectAce($roleSecurityIdentity, MaskBuilder::MASK_VIEW );

// retrieving the security identity of the currently logged-in user
$securityContext = $this->get('security.context');
$user = $securityContext->getToken()->getUser();
$securityIdentity = UserSecurityIdentity::fromAccount($user);

// grant owner access
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
$aclProvider->updateAcl($acl);

Symfony profiler, security section:

Username    Mitchel
Authenticated?  yes
Roles   [ROLE_ADMIN]

Database dump:

-- phpMyAdmin SQL Dump
-- version 3.5.2.2
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Sep 17, 2012 at 14:19
-- Server version: 5.1.65
-- PHP Version: 5.3.16

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


-- --------------------------------------------------------

--
-- Table structure for table `acl_classes`
--

CREATE TABLE IF NOT EXISTS `acl_classes` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `class_type` varchar(200) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `UNIQ_69DD750638A36066` (`class_type`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;

--
-- Dumping data for table `acl_classes`
--

INSERT INTO `acl_classes` (`id`, `class_type`) VALUES
(1, 'MV\\BetaalbaarkozijnBundle\\Entity\\BlogComment');

-- --------------------------------------------------------

--
-- Table structure for table `acl_entries`
--

CREATE TABLE IF NOT EXISTS `acl_entries` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `class_id` int(10) unsigned NOT NULL,
  `object_identity_id` int(10) unsigned DEFAULT NULL,
  `security_identity_id` int(10) unsigned NOT NULL,
  `field_name` varchar(50) DEFAULT NULL,
  `ace_order` smallint(5) unsigned NOT NULL,
  `mask` int(11) NOT NULL,
  `granting` tinyint(1) NOT NULL,
  `granting_strategy` varchar(30) NOT NULL,
  `audit_success` tinyint(1) NOT NULL,
  `audit_failure` tinyint(1) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `UNIQ_46C8B806EA000B103D9AB4A64DEF17BCE4289BF4` (`class_id`,`object_identity_id`,`field_name`,`ace_order`),
  KEY `IDX_46C8B806EA000B103D9AB4A6DF9183C9` (`class_id`,`object_identity_id`,`security_identity_id`),
  KEY `IDX_46C8B806EA000B10` (`class_id`),
  KEY `IDX_46C8B8063D9AB4A6` (`object_identity_id`),
  KEY `IDX_46C8B806DF9183C9` (`security_identity_id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;

--
-- Dumping data for table `acl_entries`
--

INSERT INTO `acl_entries` (`id`, `class_id`, `object_identity_id`, `security_identity_id`, `field_name`, `ace_order`, `mask`, `granting`, `granting_strategy`, `audit_success`, `audit_failure`) VALUES
(1, 1, 1, 1, NULL, 0, 128, 1, 'all', 0, 0),
(2, 1, 1, 2, NULL, 1, 1, 1, 'all', 0, 0),
(3, 1, 1, 3, NULL, 2, 64, 1, 'all', 0, 0);

-- --------------------------------------------------------

--
-- Table structure for table `acl_object_identities`
--

CREATE TABLE IF NOT EXISTS `acl_object_identities` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `parent_object_identity_id` int(10) unsigned DEFAULT NULL,
  `class_id` int(10) unsigned NOT NULL,
  `object_identifier` varchar(100) NOT NULL,
  `entries_inheriting` tinyint(1) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `UNIQ_9407E5494B12AD6EA000B10` (`object_identifier`,`class_id`),
  KEY `IDX_9407E54977FA751A` (`parent_object_identity_id`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;

--
-- Dumping data for table `acl_object_identities`
--

INSERT INTO `acl_object_identities` (`id`, `parent_object_identity_id`, `class_id`, `object_identifier`, `entries_inheriting`) VALUES
(1, NULL, 1, '1', 1);

-- --------------------------------------------------------

--
-- Table structure for table `acl_object_identity_ancestors`
--

CREATE TABLE IF NOT EXISTS `acl_object_identity_ancestors` (
  `object_identity_id` int(10) unsigned NOT NULL,
  `ancestor_id` int(10) unsigned NOT NULL,
  PRIMARY KEY (`object_identity_id`,`ancestor_id`),
  KEY `IDX_825DE2993D9AB4A6` (`object_identity_id`),
  KEY `IDX_825DE299C671CEA1` (`ancestor_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Dumping data for table `acl_object_identity_ancestors`
--

INSERT INTO `acl_object_identity_ancestors` (`object_identity_id`, `ancestor_id`) VALUES
(1, 1);

-- --------------------------------------------------------

--
-- Table structure for table `acl_security_identities`
--

CREATE TABLE IF NOT EXISTS `acl_security_identities` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `identifier` varchar(200) NOT NULL,
  `username` tinyint(1) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `UNIQ_8835EE78772E836AF85E0677` (`identifier`,`username`)
) ENGINE=InnoDB  DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;

--
-- Dumping data for table `acl_security_identities`
--

INSERT INTO `acl_security_identities` (`id`, `identifier`, `username`) VALUES
(2, 'IS_AUTHENTICATED_ANONYMOUSLY', 0),
(1, 'MV\\BetaalbaarkozijnBundle\\Entity\\User-User', 1),
(3, 'ROLE_ADMIN', 0);

--
-- Constraints for dumped tables
--

--
-- Constraints for table `acl_entries`
--
ALTER TABLE `acl_entries`
  ADD CONSTRAINT `FK_46C8B8063D9AB4A6` FOREIGN KEY (`object_identity_id`) REFERENCES `acl_object_identities` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
  ADD CONSTRAINT `FK_46C8B806DF9183C9` FOREIGN KEY (`security_identity_id`) REFERENCES `acl_security_identities` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
  ADD CONSTRAINT `FK_46C8B806EA000B10` FOREIGN KEY (`class_id`) REFERENCES `acl_classes` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;

--
-- Constraints for table `acl_object_identities`
--
ALTER TABLE `acl_object_identities`
  ADD CONSTRAINT `FK_9407E54977FA751A` FOREIGN KEY (`parent_object_identity_id`) REFERENCES `acl_object_identities` (`id`);

--
-- Constraints for table `acl_object_identity_ancestors`
--
ALTER TABLE `acl_object_identity_ancestors`
  ADD CONSTRAINT `FK_825DE2993D9AB4A6` FOREIGN KEY (`object_identity_id`) REFERENCES `acl_object_identities` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
  ADD CONSTRAINT `FK_825DE299C671CEA1` FOREIGN KEY (`ancestor_id`) REFERENCES `acl_object_identities` (`id`) ON DELETE CASCADE ON UPDATE CASCADE;

I also created a topic on the Symfony forum, but it seems they are not as active as Stack Overflow ;)

Symfony version: 2.1.2

Thanks, regards, Mitchel

Answer #1 (votes: 0)

Have you tried assigning roles per user?

# Object
$idObjeto = ObjectIdentity::fromDomainObject($blogComment);

# User
$idUsuario = UserSecurityIdentity::fromAccount($usuario);

try {
    $acl = $this->get('security.acl.provider')->findAcl($idObjeto);
} catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) {
    $acl = $this->get('security.acl.provider')->createAcl($idObjeto);
}

$acl->insertObjectAce($idUsuario, MaskBuilder::MASK_OPERATOR);
$this->get('security.acl.provider')->updateAcl($acl);

  Asked by Mitchel Verschoof; translated from Stack Overflow
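
Added example (not part of the original question or answer): a stand-alone PHP model of how the three object ACEs in the dump are evaluated for VIEW, EDIT and DELETE, without loading Symfony. It assumes the `MaskBuilder` bit values, a permission map modelled on Symfony's `BasicPermissionMap`, and constructed identity lists for an admin and a guest; `decide()`, `MASKS`, `PERMISSION_MAP` and `ACES` are hypothetical names.

```php
<?php
// Bit values of Symfony's MaskBuilder constants.
const MASKS = ['VIEW' => 1, 'CREATE' => 2, 'EDIT' => 4, 'DELETE' => 8,
               'UNDELETE' => 16, 'OPERATOR' => 32, 'MASTER' => 64, 'OWNER' => 128];
// Assumption: masks accepted per permission, modelled on BasicPermissionMap.
const PERMISSION_MAP = [
    'VIEW'   => ['VIEW', 'EDIT', 'OPERATOR', 'MASTER', 'OWNER'],
    'EDIT'   => ['EDIT', 'OPERATOR', 'MASTER', 'OWNER'],
    'DELETE' => ['DELETE', 'OPERATOR', 'MASTER', 'OWNER'],
];

// Object ACEs from the dump, in ace_order: [identity, mask, granting, strategy].
const ACES = [
    ['MV\\BetaalbaarkozijnBundle\\Entity\\User-User', 128, true, 'all'],
    ['IS_AUTHENTICATED_ANONYMOUSLY', 1, true, 'all'],
    ['ROLE_ADMIN', 64, true, 'all'],
];

// Returns true (granted), false (denied by an ACE) or null (no applicable ACE).
function decide(string $permission, array $sids, array $aces = ACES): ?bool
{
    $denied = false;
    foreach (PERMISSION_MAP[$permission] as $name) {
        $required = MASKS[$name];
        foreach ($sids as $sid) {
            foreach ($aces as [$aceSid, $mask, $granting, $strategy]) {
                // Strategy "all": every required bit must be set in the ACE mask.
                $applies = $strategy === 'all' && ($mask & $required) === $required;
                if ($aceSid === $sid && $applies) {
                    if ($granting) {
                        return true;
                    }
                    $denied = true;
                    break 2; // a denying ACE ends the search for this mask
                }
            }
        }
    }
    return $denied ? false : null;
}

// Constructed identity lists (assumed): an admin named Mitchel and a guest.
$admin = ['MV\\BetaalbaarkozijnBundle\\Entity\\User-Mitchel', 'ROLE_ADMIN',
          'IS_AUTHENTICATED_ANONYMOUSLY'];
$guest = ['IS_AUTHENTICATED_ANONYMOUSLY'];

foreach (['VIEW', 'EDIT', 'DELETE'] as $p) {
    printf("%-6s admin=%s guest=%s\n", $p,
        var_export(decide($p, $admin), true), var_export(decide($p, $guest), true));
}
```

Under this model the `ROLE_ADMIN` row (mask 64) satisfies EDIT and DELETE through the MASTER entry of the permission map, while the guest matches only VIEW. If the application's result differs, compare the security identities derived from the token and the object identity passed to the check against the rows in the dump.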
