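FOS Comment permissions with ACL and Roles
So I installed foscomment (latest version) and successfully set it up with ACL. Then I decided to add role-based permissions as well. The problem is that users who post a comment can no longer edit their own comments. If I give their role the edit permission, they can edit all comments.
Is it possible to use ACL and roles natively in the foscomment bundle? So that edit and delete can be set to ROLE_ADMIN, but ACL would allow users to edit and delete their own posts even if they are ROLE_USER?
Or do I have to drop the roles part, extend the templates and add it in myself?
Here is my config.yml foscomment snippet: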
fos_comment:
    db_driver: orm
    class:
        model:
            comment: Application\Bundle\CommentBundle\Entity\Comment
            thread: Application\Bundle\CommentBundle\Entity\Thread
    acl: true
    service:
        acl:
            thread: fos_comment.acl.thread.roles
            comment: fos_comment.acl.comment.roles
            vote: fos_comment.acl.vote.roles
        manager:
            thread: fos_comment.manager.thread.acl
            comment: fos_comment.manager.comment.acl
            vote: fos_comment.manager.vote.acl
    acl_roles:
        comment:
            create: ROLE_USER
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        thread:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        vote:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
Yes, this is possible.
Install the FOSUser bundle and follow https://github.com/FriendsOfSymfony/FOSCommentBundle/blob/master/Resources/doc/6-integration_with_fosuserbundle.md.
Then, create the following class:
<?php

namespace Application\Sonata\CommentBundle\Acl;

use FOS\CommentBundle\Acl\RoleCommentAcl as BaseRoleCommentAcl;
use FOS\CommentBundle\Model\CommentInterface;
use FOS\CommentBundle\Model\SignedCommentInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;

class RoleCommentAcl extends BaseRoleCommentAcl
{
    /**
     * The current Security Context.
     *
     * @var SecurityContextInterface
     */
    private $securityContext;

    /**
     * Constructor.
     *
     * @param SecurityContextInterface $securityContext
     * @param string $createRole
     * @param string $viewRole
     * @param string $editRole
     * @param string $deleteRole
     * @param string $commentClass
     */
    public function __construct(
        SecurityContextInterface $securityContext,
        $createRole,
        $viewRole,
        $editRole,
        $deleteRole,
        $commentClass
    ) {
        parent::__construct(
            $securityContext,
            $createRole,
            $viewRole,
            $editRole,
            $deleteRole,
            $commentClass
        );

        $this->securityContext = $securityContext;
    }

    /**
     * Checks if the Security token has an appropriate role to edit the supplied Comment.
     *
     * @param CommentInterface $comment
     * @return boolean
     */
    public function canEdit(CommentInterface $comment)
    {
        if ($comment instanceof SignedCommentInterface) {
            if ($comment->getAuthor() == $this->securityContext->getToken()->getUser()) {
                return true;
            }
        }

        return parent::canEdit($comment);
    }

    /**
     * Checks if the Security token is allowed to delete a specific Comment.
     *
     * @param CommentInterface $comment
     * @return boolean
     */
    public function canDelete(CommentInterface $comment)
    {
        if ($comment instanceof SignedCommentInterface) {
            if ($comment->getAuthor() == $this->securityContext->getToken()->getUser()) {
                return true;
            }
        }

        return parent::canDelete($comment);
    }
}
And add the following to service.yml:
<service id="application.sonata.comment.acl.comment.roles" class="Application\Sonata\CommentBundle\Acl\RoleCommentAcl" public="false">
    <argument type="service" id="security.context" />
    <argument>IS_AUTHENTICATED_FULLY</argument> <!-- Create role -->
    <argument>IS_AUTHENTICATED_ANONYMOUSLY</argument> <!-- View role -->
    <argument>ROLE_ADMIN</argument> <!-- Edit role -->
    <argument>ROLE_ADMIN</argument> <!-- Delete role -->
    <argument>%fos_comment.model.comment.class%</argument>
</service>
Finally, update your config.yml with the following:
fos_comment:
    service:
        acl:
            comment: application.sonata.comment.acl.comment.roles
You can adjust the created class as needed.
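The owner-or-role decision that the answer's class implements, as an added example (not code from the original post or from FOSCommentBundle). `User`, `Comment` and `canModify` are hypothetical stand-ins so the block runs without Symfony, and the `in_array` role check is a simplification of `isGranted`; the sample cases include a visitor with no user and a comment with no author.

```php
<?php
// Stand-in types for illustration only; these are NOT the FOSCommentBundle or Symfony classes.
final class User
{
    public function __construct(public int $id, public array $roles) {}
}

final class Comment
{
    // $author is null for a comment that was posted anonymously.
    public function __construct(public ?User $author) {}
}

/**
 * Owner-or-role rule: the comment's author may modify it, anyone else needs $requiredRole.
 * $currentUser is null when no authenticated user is present.
 */
function canModify(?User $currentUser, Comment $comment, string $requiredRole): bool
{
    if ($currentUser === null) {
        return false; // no authenticated user: never treated as the owner
    }
    // Compare stable identifiers rather than whole objects, and require a real author,
    // so an anonymous comment (author === null) never matches anybody.
    if ($comment->author !== null && $comment->author->id === $currentUser->id) {
        return true;
    }
    return in_array($requiredRole, $currentUser->roles, true);
}

// Constructed sample data.
$alice = new User(1, ['ROLE_USER']);
$bob   = new User(2, ['ROLE_USER']);
$admin = new User(3, ['ROLE_USER', 'ROLE_ADMIN']);
$aliceComment = new Comment($alice);
$anonComment  = new Comment(null);

$cases = [
    'author edits own comment'        => [$alice, $aliceComment],
    'other user edits it'             => [$bob,   $aliceComment],
    'admin edits it'                  => [$admin, $aliceComment],
    'visitor without a user edits it' => [null,   $aliceComment],
    'user edits anonymous comment'    => [$bob,   $anonComment],
];
foreach ($cases as $label => [$user, $comment]) {
    printf("%-33s %s\n", $label, canModify($user, $comment, 'ROLE_ADMIN') ? 'allow' : 'deny');
}
```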
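Statement: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.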