Symfony 工作流组件和安全选民? [英] Symfony Workflow Component and Security Voters?
问题描述
TL;DR:如何向转换添加自定义约束(即安全投票者)?
我的应用程序需要一些工作流管理系统,所以我想尝试一下 Symfony 的新 工作流组件.我们以拉取请求工作流为例.
My application needs some workflow management system, so I'd like to try Symfony's new Workflow Component. Let's take a Pull Request workflow as an example.
在此示例中,仅描述了状态及其转换.但是如果我想向这个工作流程添加其他约束怎么办?我可以想象一些约束:
In this example, only states and their transitions are describes. But what if I want to add other constraints to this workflow? I can image some constraints:
- 只有管理员可以接受拉取请求
- 用户只能重新打开自己的拉取请求
- 用户不能重新打开超过 1 年的 PR
虽然在这种情况下您可以使用 Events,我认为这不是最好的处理方式,因为在 $workflow->apply() 之后会触发一个事件.我想事先知道是否允许用户更改状态,以便我可以隐藏或禁用按钮.(不是像这样).
While you can use Events in this case, I don't think that's the best way to handle it, because an event is fired after $workflow->apply(). I want to know beforehand if a user is allowed to change the state, so I can hide or disable the button. (not like this).
LexikWorkflowBundle 通过向步骤(转换)添加角色,部分解决了这个问题.切换到此捆绑包可能是个好主意,但我想弄清楚如何在没有的情况下解决此问题.
The LexikWorkflowBundle solved this problem partially, by adding roles to the steps (transitions). Switching to this bundle might be a good idea, but I'd like to figure out how I can solve this problem without.
添加自定义实体约束('超过 1 年的 PR 无法重新打开')和安全约束('只有管理员可以接受 PR 的最佳方法是什么?>',也许通过使用 Symfony 的安全选民)来转换?
What is the best way to add custom entity constraints ('PR older than 1 year can't be reopened') and security constraints ('only admins can accept PR's', maybe by using Symfony's Security Voters) to transitions?
更新:澄清一下:我想为我的工作流添加权限控制,但这并不一定意味着我想将它与工作流组件紧密耦合.我想坚持良好的做法,所以给定的解决方案应该尊重单一责任原则.
Update: To clarify: I want to add permission control to my workflow, but that doesn't necessarily mean I want to tightly couple it to the Workflow Component. I'd like to stick to good practices, so the given solution should respect the single responsibility principle.
推荐答案
我发现的最好方法是在工作流的 GuardListener 中实施 AuthorizationChecker.
The best way I found was implementing the AuthorizationChecker in the Workflow's GuardListener.
The demo application gives a good example:
namespace Acme\DemoBundle\Entity\Listener;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationChecker;
use Symfony\Component\Workflow\Event\GuardEvent;
class GuardListener implements EventSubscriberInterface
{
public function __construct(AuthorizationCheckerInterface $checker)
{
$this->checker = $checker;
}
public function onTransition(GuardEvent $event)
{
// For all action, user should be logger
if (!$this->checker->isGranted('IS_AUTHENTICATED_FULLY')) {
$event->setBlocked(true);
}
}
public function onTransitionJournalist(GuardEvent $event)
{
if (!$this->checker->isGranted('ROLE_JOURNALIST')) {
$event->setBlocked(true);
}
}
public function onTransitionSpellChecker(GuardEvent $event)
{
if (!$this->checker->isGranted('ROLE_SPELLCHECKER')) {
$event->setBlocked(true);
}
}
public static function getSubscribedEvents()
{
return [
'workflow.article.guard' => 'onTransition',
'workflow.article.guard.journalist_approval' => 'onTransitionJournalist',
'workflow.article.guard.spellchecker_approval' => 'onTransitionSpellChecker',
];
}
这篇关于Symfony 工作流组件和安全选民?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
