防止用户从非授权区域登录 [英] Preventing users login from non authorized area
问题描述
为避免在用户尝试访问禁区时出现403错误并避免用户登录该区域,如果没有正确的凭据,我需要阻止用户登录.
To avoid me 403 errors when a user tries to access a forbidden area and avoid user sign in into that area I need to prevent users from logging if do not have the proper credentials.
让我更好地解释一下,假设我是X
用户ROLE_USER
,用户X
可以访问前端,但不应该能够登录到后端,就像我们有用户ROLE_ADMIN
,用户Y
可以登录到后端,但不能登录到前端,对我了解吗?我怎么能做到这一点?
Let me explain a little better, suppose I'm the X
user ROLE_USER
, user X
can access the frontend but should not be able to log into the backend, just as we have the user Y
and ROLE_ADMIN
, user Y
could log into the backend but not in the frontend, do understand me? How I can accomplish this?
推荐答案
让我们假设我是Adam,其角色为'ROLE_ADMIN'.我无法登录到前端.
lets assume that I'm user Adam with role 'ROLE_ADMIN'. I can't login to frontend.
您应该简单地将此代码添加到您的控制器中:
You should simple add this code to your controllers:
if( $this->get('security.context')->isGranted('YOUR ROLE') )
return new Response('yea!');
因此,如果要保护BackendController并允许使用"ROLE_ADMIN"登录用户,则应添加以下代码:
So, If you want to secure BackendController and let to login users with 'ROLE_ADMIN' you should add this code:
if( $this->get('security.context')->isGranted('ROLE_ADMIN') )
return new Response('You are granted to see this site.');
此代码检查当前用户(我)是否具有角色ROLE_ADMIN.如果要检查用户是否具有'ROLE_ADMIN'并且没有'ROLE_USER',只需添加:
This code checks if current user (me) has role ROLE_ADMIN. If you want to check if user has 'ROLE_ADMIN' AND doesn't have 'ROLE_USER' just add:
$security = $this->get('security.context');
if( $security->isGranted('ROLE_ADMIN') && !$security->isGranted('ROLE_USER') )
return new Response('You are not granted to see this site.');
这篇关于防止用户从非授权区域登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!