FOSUserBundle和ACL业务角色 [英] FOSUserBundle and ACL Business Role

问题描述

我这个周末开始学习Symfony 2。我没有遇到任何问题，因为我认为该框架已得​​到很好的记录。

I started to learn Symfony 2 this weekend. I faced no problem, as the framework is well documented in my opinion.

我正在使用AOS的FOSUserBundle软件包。我想知道是否有可能使其类似于Yii框架：

I'm using FOSUserBundle package for ACL. I'm wondering if it's possible to make it similar to Yii framework:

$bizRule='return Yii::app()->user->id==$params["post"]->authID;';
$task=$auth->createTask('updateOwnPost','update a post by author himself',$bizRule);
$task->addChild('updatePost');

您可能会在上面的代码段中看到所有详细信息。

You may see all details on the snippet above.

如何使用Symfony 2实现类似的功能？

How can I achieve something similar with Symfony 2? Is this possible?

推荐答案

Symfony2具有 ACL系统开箱即用。为了完整起见，我包括了相关代码（针对 Post 进行了修改，而不是如文档中的 Comment 所示） ）：

Symfony2 has an ACL system out of the box that will do this. I'm including the relevant code for the sake of completeness (modified for Post instead of Comment as is in the documentation):

public function addPostAction()
{
    $post = new Post();

    // setup $form, and bind data
    // ...

    if ($form->isValid()) {
        $entityManager = $this->get('doctrine.orm.default_entity_manager');
        $entityManager->persist($post);
        $entityManager->flush();

        // creating the ACL
        $aclProvider = $this->get('security.acl.provider');
        $objectIdentity = ObjectIdentity::fromDomainObject($post);
        $acl = $aclProvider->createAcl($objectIdentity);

        // retrieving the security identity of the currently logged-in user
        $securityContext = $this->get('security.context');
        $user = $securityContext->getToken()->getUser();
        $securityIdentity = UserSecurityIdentity::fromAccount($user);

        // grant owner access
        $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
        $aclProvider->updateAcl($acl);
    }
}

基本上，您是在提供当前登录的用户Post实体的所有权（包括编辑权限）。然后检查当前用户是否具有编辑权限：

Essentially, you're giving the currently logged in user ownership of the Post entity (which includes edit permissions). And then to check if the current user has permission to edit:

public function editPostAction(Post $post)
{
    $securityContext = $this->get('security.context');

    // check for edit access
    if (false === $securityContext->isGranted('EDIT', $post))
    {
        throw new AccessDeniedException();
    }

    // retrieve actual post object, and do your editing here
    // ...
}

我高度建议您通读访问控制列表和高级ACL概念食谱的详细信息。上面显示的ACL的实际创建非常冗长，我一直在研究开源ACL管理器减轻痛苦……这是一种工作；它是早期的测试版，需要大量的爱，因此使用风险自负。

I highly recommend that you read through both the Access Control List and Advanced ACL Concepts cookbook recipes for more information. The actual creation of ACLs as shown above is extremely verbose, and I have been working on an open-source ACL manager to ease the pain... it "kind of works;" it's early beta and needs a lot of love, so use at your own risk.

这篇关于FOSUserBundle和ACL业务角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！