SonataUser-具有角色安全性的自定义选民 [英] SonataUser - Custom Voter with Role Security
问题描述
我正在将SonataAdmin与sonata.admin.security.handler.role
一起使用(因此在这里我不使用ACL).
我正在尝试使用自定义投票器来限制对对象的访问.
服务
security.access.company_voter:
class: Application\...\Voter\CompanyVoter
public: false
tags:
- { name: security.voter }
投票人 应用程序... \ Voter \ CompanyVoter.php
#...
public function vote(TokenInterface $token, $object, array $attributes)
{
get_class($object);
}
#...
但是我总是得到Application\...\Voter\CompanyVoter
的实例,而不是要限制的预期对象.
可能是什么原因?
您是在告诉我,使用角色安全处理程序时Sonata不会将对象传递给isGranted()
吗?
经过数小时的搜索,我发现接收到的对象始终是NULL
(get_class(NULL)
返回当前类).
经过几天的寻找,事实证明,与ACL处理程序相反,不会将当前对象传递给isGranted()
然后我必须扩展它.
有关详细信息,请参见我的github问题. >
I'm using SonataAdmin with sonata.admin.security.handler.role
(so I don't use ACLs here).
I'm trying to restrict access to an object with a custom voter.
service
security.access.company_voter:
class: Application\...\Voter\CompanyVoter
public: false
tags:
- { name: security.voter }
voter Application...\Voter\CompanyVoter.php
#...
public function vote(TokenInterface $token, $object, array $attributes)
{
get_class($object);
}
#...
But I'm always getting an instance of Application\...\Voter\CompanyVoter
instead of the expected object to restrict.
What can be the reason ?
Are you telling me that Sonata does not pass the object to isGranted()
when using the role security handler ?
After hours of searching, I noticed that the object received is always NULL
(get_class(NULL)
returns the current class).
After days of seeking, It turns out that, as opposed to the ACL handler, the default implementation of the Role handler doesn't pass the current object to isGranted()
I had then to extend it.
See a nice monologue in my github issue for more detail.
这篇关于SonataUser-具有角色安全性的自定义选民的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!