Symfony - 在 entityRepository 中使用投票者 [英] Symfony - use voter in entityRepository
问题描述
我的问题是:我有一个页面/user 显示所有用户的列表.该页面仅对登录者可见,并且根据当前登录用户的类型,他只能看到部分列表.我认为投票者将是一个很好的解决方案(如果有更好的解决方案,请告诉我),但我对 supportClass 有问题.用户列表是 UserRepository 中名为 getAllUsers 的查询,我尝试将 securityContext 传递给存储库,以便我可以查询当前用户是否具有访问权限.我的动作是这样的:
My problem is this: I have a page /user which shows a list of all users. The page is visible only to those who are logged in and, depending on what kind of user the currently logged in user is, he sees only parts of the list. I figured that a voter would be a good solution to this (if there's a better one please let me know), but I have a problem with supportsClass. The userlist is a query in UserRepository named getAllUsers and I tried passing the securityContext to the repository so I can query if the current user has access or not. My action looks like this:
public function listAction($limit = 50, $offset = 0) {
$manager = $this->getDoctrine()->getManager();
$userRepository = $manager->getRepository('SeamUserBundle:User');
$users = $userRepository->getAllUsers($this->get('security.context'));
return ....
}
在 userRepository 我试过这个:
and in userRepository I tried this:
public function getAllUsers($securityContext) {
....
if(!$securityContext->isGranted('USER_LIST_ALL', null)) {
//modify query
}
...
}
但如果我将 null 作为第二个参数传递给 isGranted,则 $class 现在是 Voter,因此 supportsClass 返回 false.我这样做是错误的吗?如果是这样 - 我该怎么做?如果没有 - 缺少什么?如何将用户实体传递给 isGranted?
but if I pass null as a second parameter to isGranted, the $class is now the Voter and therefore supportsClass returns false. Am I doing this the wrong way? If so - how do I do this? If not - what's missing? How do I pass the user entity to isGranted?
提前致谢.
推荐答案
To grant permission on global basis you want to use roles instead of voters.
角色和选民之间的差异:
Diference between roles and voters:
Voter 用于告诉用户是否可以对对象执行操作(关系 user-action-instance_of_object).选民背后的逻辑取决于你.你需要实现它们,symfony 只找到选民并收集他们的决定.示例:用户可以编辑文章的特定实例.
Voter is there to tell if user can perform action on object (relation user-action-instance_of_object). Logic behind voters is up to you. You need to implement them and symfony only finds voters and collects their decision. Example: User can edit specific instance of article.
角色用于告诉用户是否具有全局权限(关系用户-操作).角色背后的逻辑由 symfony 处理.您只向用户添加角色并需要 $securityContext 上的角色.示例:用户可以撰写新文章.
Role is there to tell if user has global permission (relation user-action). Logic behind roles is handled by symfony. You only add roles to user and require roles on $securityContext. Example: user can write new article.
列出所有用户是基于用户可以做什么,因此这是角色的工作.您需要将角色 ROLE_USER_LIST_ALL 添加到允许列出所有用户的用户.当用户登录时,您可能应该在 UserProvider 中执行此操作.您需要做的就是 UserInterface 需要实现 getRoles.关于在数据库中定义角色的一些信息可以在 symfony 文档
Listing all users is based on what user can do hence it is job for role. You need to add role ROLE_USER_LIST_ALL to users that are allowed to list all users. You should probably do that in UserProvider when user is logging in. All you need to do is as UserInterface requires implement getRoles. Some information about defining roles in database can be found in symfony docs
然后在您的 UserRepository 调用中
$securityContext->isGranted('ROLE_USER_LIST_ALL');
注意没有第二个参数,因为它是与特定对象实例无关的全局权限.
Notice there is not second parameter because it is global permission not related to specific object instances.
此外,将安全上下文作为 getter 的参数传递也不理想.相反,将存储库指定为服务并设置安全上下文可能是个好主意.
Also it isn't ideal to pass security context as param for getter. Instead it might be good idea to specify repository as service and set security context.
services:
seam.user.repository:
class: Seam\UserBundle\UserRepository
factory_service: doctrine.orm.entity_manager
factory_method: getRepository
arguments:
- Seam\UserBundle\User
calls:
- [ setSecurityContext, [@security.context] ]
然后你可以用
$container->get('seam.user.repository);
//in controler use $this instead of $container
(您需要在 UserRepository 类中实现 setSecurityContext)
(You need to implemenet setSecurityContext in your UserRepository class)
这篇关于Symfony - 在 entityRepository 中使用投票者的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
