Symfony2:如何根据权限隐藏 Twig 中的链接 [英] Symfony2: How to hide link in Twig based on permissions
问题描述
我的应用程序显示了项目列表、项目详细信息页面和用于编辑这些项目的表单.这些是路线:
- /- 项目列表
- /project/42 - 查看项目(项目详细信息页面)
- /project/42/edit - 编辑项目
只有其所有者可以编辑项目.
我已经实施了一个 Voter,以防止非所有者访问/project/42/edit.
现在,我还想从项目详细信息页面中隐藏编辑项目"链接.这样做的方法是什么?理想情况下,在 Twig 中,我想做类似
<前>{% if may_access(path('project_edit', { 'id': project.id })) %}<a href="{{ path('project_edit', { 'id': project.id }) }}">编辑项目</a>{% 万一 %}我可以将此功能实现为 Twig 扩展,但可能已经存在类似的功能.
函数 is_granted() 实际上 有第二个参数,允许我做我需要的事情:
<前>{% if is_granted("MAY_EDIT", project) %}<a href="{{ path('project_edit', { 'id': project.id }) }}">编辑项目</a>{% 万一 %}我将此与控制器操作中的检查结合使用:
<前>公共函数 editAction(Project $project){if (!$this->get('security.context')->isGranted('MAY_EDIT', $project)) {$this->flash('你不能编辑这个项目');返回 $this->show($project);}//...}这实际上与 nifr 在他对 Sonata 用户 - 自定义字段的安全性.我希望找到一种方法来自动调用选民并避免调用 isGranted().
如果你想看看完整的代码,它在我有发布在github的教程项目中.
My application shows a list of projects, project detail pages and forms to edit these projects. These are the routes:
- / - list of projects
- /project/42 - view project (project detail page)
- /project/42/edit - edit project
Only its owner may edit a project.
I have implemented a Voter to prevent access to /project/42/edit for non-owners.
Now, I also want to hide the link "edit project" from the project detail page. What would be the way to do this? Ideally, in Twig, I would like to do something like
{% if may_access(path('project_edit', { 'id': project.id })) %} <a href="{{ path('project_edit', { 'id': project.id }) }}">edit project</a> {% endif %}
I can implement this function as a Twig extension, but maybe a similar functionality already exists.
The function is_granted() actually has a second parameter that allows me to do just what I need:
{% if is_granted("MAY_EDIT", project) %} <a href="{{ path('project_edit', { 'id': project.id }) }}">edit project</a> {% endif %}
I use this in combination with a check in the controller action:
public function editAction(Project $project) { if (!$this->get('security.context')->isGranted('MAY_EDIT', $project)) { $this->flash('You are not allowed to edit this project'); return $this->show($project); } // ... }
This is actually very similar to the approach that nifr used in his answer to Sonata User - Security on custom field. I was hoping to find a way to have the voter be called automatically and avoid the call to isGranted().
If you want to have a look at the complete code, it is in the tutorial project I have published in github.
这篇关于Symfony2:如何根据权限隐藏 Twig 中的链接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!