如何在数据库级别动态处理Symfony2中的角色|权限:对它们的CRUD操作 [英] How to dynamic handle roles|permissions in Symfony2 at database level: CRUD operations over them
问题描述
我在Symfony 2.8项目中工作,对用户/组/角色有疑问。有几种处理用户和组的方法,例如在 security.yml 上编写它们,但是我不知道是否可以将其存储在DB(某个地方)然后从那里读取。我对此进行了研究,找到了ACL,选民等,但并没有使我头脑清醒,但这项研究使我感到非常困惑,因此我需要这里的人提供一些帮助。然后:
I am working in a Symfony 2.8 project and I have a doubt regarding users/groups/roles|permissions. There are a few ways to handle users and groups as for example SonataUser on top of SonataAdmin and lately EasyAdmin but all of them lacks ROLE|permissions management and this is exactly my doubt: what's the proper way to handle them? Yes, I know I need to write them at security.yml but I don't know if I can store then in DB (somewhere) and then read from there. I have research about this and found ACL, Voters and so on but instead of clear my mind the research is confusing me a lot so I need some push from people here. Then:
- 您将如何处理?
- 任何代码级示例? (我更喜欢看单词以外的东西来表达重点)
- 角色与权限是否相同?
更新:改进问题
我想要的是一个 ManyToMany 个用户和角色以及可能的组之间的关系,以及角色。我认为,随着 SonataUserBundle 的处理,这是通过在 user roles 来实现的c $ c>表并为每个用户分配很多角色,如果我没有记错的话,甚至可以创建新角色,但是如果我想创建尽可能多的角色而不分配给用户,以后又添加许多角色呢?一个用户甚至一个小组?
What I want to have is a ManyToMany relationship between users and roles and possibly groups and roles. I think that as SonataUserBundle handle this is by creating a column roles in user table and assign a lot of roles to each user, even create new ones if I'm not mistaken but what about if I want to create as much roles as I can without assign them to a user and later add many roles to a user even to a group?
您将如何做?
推荐答案
您可以添加新的 FOSUserBundle 中的角色。您无需首先将其添加到 security.yml 文件中。
You can add new roles in the FOSUserBundle on the go. There is no need for you to initially add it in the security.yml file.
为此,您可以做这样的事情:
To do this you can do something like this:
$user = new User();
$user->addRole('ROLE_NEWUSER'); //Role Name should begin with 'ROLE_'
开头,或者在您的控制器中,您可以获取当前用户或任何用户
or in your controller you can get current or any user
$this->getUser();
$user->addRole('ROLE_NEWUSER'); //Role Name should begin with 'ROLE_'
这将回答您的第一部分和第二部分。
This answers your first and second part.
对于第三部分,可以将角色 用作权限。以前,我已经实现了一种结构,在该结构中,我根据用户角色来限制对页面的访问,同时也根据用户角色来限制可以更改的数据。
For the third part, Roles can be used as permissions. I have implemented a structure previously where I was restricting access to pages based on the user role also restricting what data they can change based on their role.
UPDATE 我实现了一个事件监听器,它将监听所有内核请求,称为 onKernelRequest 。由于我的角色也存储在SQL端,所以我在SQL端做了部分访问管理,但是在Server端也可以做同样的事情。我的事件监听器看起来像这样:(这是我所拥有的精简版本)
UPDATE I implemented an Event Listener for this which would listen to all the kernel requests which is called onKernelRequest. I have partially done the access management on the SQL side since I have my roles stored in SQL side as well but one can do the same on the Server side. My Event Listener looked like this: (This is a trimmed down version of what I have)
class TokenListener
{
protected $em;
protected $token_storage;
protected $templating;
protected $router;
protected $resolver;
public function __construct($em,TokenStorageInterface $token_storage, TwigEngine $templating, Router $router, ControllerResolver $resolver)
{
$this->em = $em;
$this->token_storage = $token_storage;
$this->templating = $templating;
$this->router = $router;
$this->resolver = $resolver;
}
public function onKernelRequest(GetResponseEvent $event)
{
$request = $event->getRequest();
$route = $request->attributes->get('_route');
$routeArr = array('fos_js_routing_js', 'fos_user_security_login', '_wdt'); //These are excluded routes. These are always allowed. Required for login page
if(!is_int(array_search($route, $routeArr)) && false)
{
$userRoles = $this->token_storage->getToken()->getUser()->getRoles();
if(!in_array('ROLE_NEWUSER', $userRoles))
{
$event->setResponse(new RedirectResponse($this->router->generate('user_management_unauthorized_user', array())));
}
}
}
}
我的services.yml看起来像这样
My services.yml looks like this
services:
app.tokens.action_listener:
class: EventListenerBundle\EventListener\TokenListener
arguments:
entityManager: "@doctrine.orm.entity_manager"
token_storage: "@security.token_storage"
templating: "@templating"
router: "@router"
resolver: "@controller_resolver"
tags:
- { name: kernel.event_listener, event: kernel.request, method: onKernelRequest }
更新要回答问题的更新部分,您可以做的是另外一个 roles 实体,您可以预先填充所需的角色,然后与原始 User 表建立一对多关系。然后,您可以像 prePersist或preUpdate原则生命周期事件 ,以检查是否在角色实体中已经存在该角色时添加新角色。那应该可以解决您的问题。所有这些都将涉及一些调整。没有直接的方法可以做到这一点。
UPDATE To answer your update part of the question, what you can do is have another roles entity and you could populate the roles you want in advance and then have a one to many relationship with the original User table. You can then have something like prePersist or preUpdate Doctrine Lifecycle Events to check when adding a new if the role already exists in your roles entity. That should precisely solve your problem. All this will involve a little tweaking though. There is no straight way to do this.
这篇关于如何在数据库级别动态处理Symfony2中的角色|权限:对它们的CRUD操作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
