更新security.context中的角色，而无需再次登录 [英] Update roles in security.context without need to logging in again

问题描述

我在项目中使用FOSUserBundle.我有一个控制器AcmeArticleBundle:Edit，其路由前缀为/editor.并且在我的security.yml中添加了访问控制.

I use FOSUserBundle in my project. I have a Controller AcmeArticleBundle:Edit which has a route prefix /editor. And in my security.yml I added an access control.

access_control:
    - { path: ^/editor/, role: ROLE_EDITOR }

现在，我将ROLE_EDITOR添加到控制器中的用户.但是，用户无法访问AcmeArticleBundle:Edit，并且直到注销并再次登录后，安全上下文才会更改.

Now I add ROLE_EDITOR to a user in a controller. But user cannot access AcmeArticleBundle:Edit and security context does not change until logging out and logging in again.

推荐答案

最后，我找到了解决方案.我必须制作一个新的安全令牌并将其设置为安全上下文.

Finally I found the solution. I had to make a new security token and set it as security context.

$user = $this->getUser();
$user->addRole('ROLE_ADMIN');
$this->get('fos_user.user_manager')->updateUser($user);
$token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
$this->get('security.context')->setToken($token);

这篇关于更新security.context中的角色，而无需再次登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！