FOS Comment permissions with ACL and Roles


Problem description

So, I installed foscomment (most current version to date) and set it up for ACL, with success. I then decided to add their role based permissions as well. The problem is, the user who posts a comment can no longer edit their own comment. And if I give their role the edit power, then they can edit all comments.

Is it possible to use ACL and Roles natively in the foscomment bundle? So that edit and delete can be set to ROLE_ADMIN, but ACL can allow users to edit and delete their own posts, even if they are ROLE_USER?

Or do I have to

Here is my config.yml foscomment snippet:

fos_comment:
    db_driver: orm
    class:
        model:
            comment: Application\Bundle\CommentBundle\Entity\Comment
            thread: Application\Bundle\CommentBundle\Entity\Thread
    acl: true
    service:
        acl:
            thread: fos_comment.acl.thread.roles
            comment: fos_comment.acl.comment.roles
            vote: fos_comment.acl.vote.roles
        manager:
            thread: fos_comment.manager.thread.acl
            comment: fos_comment.manager.comment.acl
            vote: fos_comment.manager.vote.acl
    acl_roles:
        comment:
            create: ROLE_USER
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        thread:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        vote:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN


Recommended answer

It is possible.

Install FOSUser bundle and follow https://github.com/FriendsOfSymfony/FOSCommentBundle/blob/master/Resources/doc/6-integration_with_fosuserbundle.md.

Then, create the following class:

<?php

namespace Application\Sonata\CommentBundle\Acl;

use FOS\CommentBundle\Acl\RoleCommentAcl as BaseRoleCommentAcl;
use FOS\CommentBundle\Model\CommentInterface;
use FOS\CommentBundle\Model\SignedCommentInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;

class RoleCommentAcl extends BaseRoleCommentAcl
{
    /**
     * The current Security Context.
     *
     * @var SecurityContextInterface
     */
    private $securityContext;

    /**
     * Constructor.
     *
     * @param SecurityContextInterface $securityContext
     * @param string                   $createRole
     * @param string                   $viewRole
     * @param string                   $editRole
     * @param string                   $deleteRole
     * @param string                   $commentClass
     */
    public function __construct(SecurityContextInterface $securityContext,
                                $createRole,
                                $viewRole,
                                $editRole,
                                $deleteRole,
                                $commentClass
    )
    {
        parent::__construct(
            $securityContext,
            $createRole,
            $viewRole,
            $editRole,
            $deleteRole,
            $commentClass);

        $this->securityContext   = $securityContext;
    }


    /**
     * Checks if the Security token has an appropriate role to edit the supplied Comment.
     *
     * @param  CommentInterface $comment
     * @return boolean
     */
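    public function canEdit(CommentInterface $comment)
    {
        // The author may always edit their own comment, whatever their role.
        // getToken() returns null when no firewall covers the request.
        $token = $this->securityContext->getToken();
        if ($comment instanceof SignedCommentInterface && null !== $token) {
            $author = $comment->getAuthor();
            // Anonymous comments have no author and must never match the current user.
            if (null !== $author && $author == $token->getUser()) {
                return true;
            }
        }

        // Everyone else falls back to the role check (the configured edit role).
        return parent::canEdit($comment);
    }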

    /**
     * Checks if the Security token is allowed to delete a specific Comment.
     *
     * @param  CommentInterface $comment
     * @return boolean
     */
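    public function canDelete(CommentInterface $comment)
    {
        // The author may always delete their own comment, whatever their role.
        // getToken() returns null when no firewall covers the request.
        $token = $this->securityContext->getToken();
        if ($comment instanceof SignedCommentInterface && null !== $token) {
            $author = $comment->getAuthor();
            // Anonymous comments have no author and must never match the current user.
            if (null !== $author && $author == $token->getUser()) {
                return true;
            }
        }

        // Everyone else falls back to the role check (the configured delete role).
        return parent::canDelete($comment);
    }
}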

And add the following to service.yml :

<service id="application.sonata.comment.acl.comment.roles" class="Application\Sonata\CommentBundle\Acl\RoleCommentAcl" public="false">
    <argument type="service" id="security.context" />
    <argument>IS_AUTHENTICATED_FULLY</argument> <!-- Create role -->
    <argument>IS_AUTHENTICATED_ANONYMOUSLY</argument> <!-- View role -->
    <argument>ROLE_ADMIN</argument> <!-- Edit role -->
    <argument>ROLE_ADMIN</argument> <!-- Delete role -->
    <argument>%fos_comment.model.comment.class%</argument>
</service>

Finally, update your config.yml with the following :

fos_comment:
    service:
        acl:
            comment: application.sonata.comment.acl.comment.roles

You can adapt the created class depending on your requirements.
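
The owner-or-role rule that the answer's canEdit()/canDelete() override implements, worked through its edge cases as an added example that is not part of the original answer or of FOSCommentBundle. DemoUser, canModify() and the id/lastLogin properties are hypothetical stand-ins, and matching the author by identifier instead of `==` is this example's own choice.

```php
<?php
// Added example: stand-in classes, not FOSCommentBundle or Symfony code.
final class DemoUser
{
    public $id;
    public $lastLogin;
    public function __construct($id, $lastLogin = null)
    {
        $this->id = $id;
        $this->lastLogin = $lastLogin;
    }
}

/**
 * Owner-or-role rule: the author may always modify the comment,
 * everyone else needs the configured role (ROLE_ADMIN on this page).
 * @param DemoUser|null        $author      null for an anonymous comment
 * @param DemoUser|string|null $currentUser 'anon.' for an anonymous visitor, null without a token
 * @param string[]             $roles       roles held by the current user
 */
function canModify($author, $currentUser, array $roles, $requiredRole = 'ROLE_ADMIN')
{
    // Compare by identifier: two instances of the same account (for example one
    // loaded with the comment, one held by the token) can differ in other fields.
    if ($author instanceof DemoUser && $currentUser instanceof DemoUser
        && $author->id === $currentUser->id) {
        return true;
    }

    return in_array($requiredRole, $roles, true);
}

$alice         = new DemoUser(1);
$aliceReloaded = new DemoUser(1, '2024-01-01 10:00:00'); // same account, second instance
$bob           = new DemoUser(2);

// Constructed cases covering the author, other users, admins and anonymous access.
$cases = array(
    'author modifies own comment'           => canModify($alice, $aliceReloaded, array('ROLE_USER')),
    'other ROLE_USER modifies it'           => canModify($alice, $bob, array('ROLE_USER')),
    'ROLE_ADMIN modifies it'                => canModify($alice, $bob, array('ROLE_USER', 'ROLE_ADMIN')),
    'anon. visitor, anonymous comment'      => canModify(null, 'anon.', array()),
    'no security token at all'              => canModify($alice, null, array()),
    'loose == matches the second instance'  => ($alice == $aliceReloaded),
);

foreach ($cases as $label => $allowed) {
    printf("%-38s %s\n", $label, var_export($allowed, true));
}
```

Only the first and third cases print true; the last row shows that a loose object comparison fails as soon as any other field differs between the two instances.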
