symfony - sfDoctrineGuard - 基于组凭据限制用户创建 [英] symfony - sfDoctrineGuard - restricting user creation based on group credentials

问题描述

我目前正在使用 sfDoctrineGuard 开发一个相当大且复杂的用户管理系统

I am currently in the process of developing a fairly large and complex user management system using sfDoctrineGuard

我创建了 4 个群组，editors、moderators、admins 和 superadmins.

I have created 4 groups, editors, moderators, admins and superadmins.

我想要做的是限制管理员中的某些用户能够在 sfGuardUser 管理模块中创建/查看/编辑其他用户.

What I'm looking to do, is restrict certain users in the admin to be able to create/view/edit other users in the sfGuardUser admin module.

例如，superadmins 用户可以创建 editors、moderators、admins 和其他 superadmins，但 moderator 只能创建 editors.

So for example a superadmins user can create editors, moderators, admins and other superadmins, but a moderator can only create editors.

这在 sfDoctrineGuard 中是否可行，如果可以，有人可以告诉我如何实现这一目标吗?

Is this possible in sfDoctrineGuard, if so, could someone give me an insight on how I'd achieve this?

谢谢

推荐答案

首先，您可以在 generator.yml 中设置凭据以显示/隐藏基于凭据的操作和对象操作的链接.例如:

First of all you can set credentials in generator.yml to show/hide links to actions and object actions based on credentials. For example:

config:
  list:
    object_actions:
      _delete:
        confirm: Вы уверены, что хотите удалить пользователя?
        credentials: superuser
    actions:
      _new:
        credentails: moderator

接下来，使用自定义表格方法为组的学说选择小部件配置表单:

Next, configure your forms with custom table methods for doctrine choice widgets of groups:

class sfGuardUserForm extends PluginsfGuardUserForm
{
  public function configure()
  {
    //groups_list
    $this->getWidget('groups_list')->setOption('expanded', true);
    $this->getWidget('groups_list')->setOption('table_method', 'getListForAdmin');
    $this->getValidator('groups_list')->setOption('query', Doctrine::getTable('sfGuardGroup')->getListForAdmin());
  }
}

class sfGuardGroupTable extends PluginsfGuardGroupTable
{
  /**
   * Builds list query based on credentials
   *
   */
  public function getListForAdmin()
  {
    $user = sfContext::getInstance()->getUser();

    $q = $this->createQuery('g');

    if (!$user->isSuperAdmin() && $user->hasCredential('moderator'))
    {
      $q->addWhere('g.name IN (?)', array('editor'));
    }
    else if ($user->hasCredential('editor'))
    {
      $q->addWhere('g.name IN (?)', array('editor'));
    }        
    return $q;
  }
}

一些增强功能:通过从操作(在 preExecute 中)传递用户实例来摆脱单调调用，并使用 sfConfig::get 从 app.yml 中加载组名称，而不是在代码中进行硬编码.

A couple of enhancements: get rid of singletone call by passing user instance from action (in preExecute) and load group names form app.yml with sfConfig::get instead of hardcoding in it in code.

这篇关于symfony - sfDoctrineGuard - 基于组凭据限制用户创建的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！