symfony - sfDoctrineGuard - 基于组凭据限制用户创建 [英] symfony - sfDoctrineGuard - restricting user creation based on group credentials
问题描述
我目前正在使用 sfDoctrineGuard 开发一个相当大且复杂的用户管理系统
I am currently in the process of developing a fairly large and complex user management system using sfDoctrineGuard
我创建了 4 个群组,editors
、moderators
、admins
和 superadmins
.
I have created 4 groups, editors
, moderators
, admins
and superadmins
.
我想要做的是限制管理员中的某些用户能够在 sfGuardUser 管理模块中创建/查看/编辑其他用户.
What I'm looking to do, is restrict certain users in the admin to be able to create/view/edit other users in the sfGuardUser admin module.
例如,superadmins
用户可以创建 editors
、moderators
、admins
和其他 superadmins
,但 moderator
只能创建 editors
.
So for example a superadmins
user can create editors
, moderators
, admins
and other superadmins
, but a moderator
can only create editors
.
这在 sfDoctrineGuard 中是否可行,如果可以,有人可以告诉我如何实现这一目标吗?
Is this possible in sfDoctrineGuard, if so, could someone give me an insight on how I'd achieve this?
谢谢
推荐答案
首先,您可以在 generator.yml 中设置凭据以显示/隐藏基于凭据的操作和对象操作的链接.例如:
First of all you can set credentials in generator.yml to show/hide links to actions and object actions based on credentials. For example:
config:
list:
object_actions:
_delete:
confirm: Вы уверены, что хотите удалить пользователя?
credentials: superuser
actions:
_new:
credentails: moderator
接下来,使用自定义表格方法为组的学说选择小部件配置表单:
Next, configure your forms with custom table methods for doctrine choice widgets of groups:
class sfGuardUserForm extends PluginsfGuardUserForm
{
public function configure()
{
//groups_list
$this->getWidget('groups_list')->setOption('expanded', true);
$this->getWidget('groups_list')->setOption('table_method', 'getListForAdmin');
$this->getValidator('groups_list')->setOption('query', Doctrine::getTable('sfGuardGroup')->getListForAdmin());
}
}
class sfGuardGroupTable extends PluginsfGuardGroupTable
{
/**
* Builds list query based on credentials
*
*/
public function getListForAdmin()
{
$user = sfContext::getInstance()->getUser();
$q = $this->createQuery('g');
if (!$user->isSuperAdmin() && $user->hasCredential('moderator'))
{
$q->addWhere('g.name IN (?)', array('editor'));
}
else if ($user->hasCredential('editor'))
{
$q->addWhere('g.name IN (?)', array('editor'));
}
return $q;
}
}
一些增强功能:通过从操作(在 preExecute 中)传递用户实例来摆脱单调调用,并使用 sfConfig::get 从 app.yml 中加载组名称,而不是在代码中进行硬编码.
A couple of enhancements: get rid of singletone call by passing user instance from action (in preExecute) and load group names form app.yml with sfConfig::get instead of hardcoding in it in code.
这篇关于symfony - sfDoctrineGuard - 基于组凭据限制用户创建的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!