理解@ParamConverter &@security 注释 [英] Understanding @ParamConverter & @security annotations
本文介绍了理解@ParamConverter &@security 注释的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在使用 symfony4 进行开发.我正在尝试允许用户编辑自己的个人资料.我想知道如何允许用户编辑他的id"而不是其他用户的其他 id.这是我的 security.yaml
I'm newing developing with symfony4. I'm trying to allow a user edit is own profile. I'm wondering about how can i allow a user to edit his "id" but not others id's from other users. This is my security.yaml
access_control:
- { path: ^/hardware, roles: ROLE_USER }
- { path: ^/my, roles: ROLE_USER }
- { path: ^/settings, roles: ROLE_ADMIN }
这是我的动作的特定控制器.当我阅读以执行此操作时,我必须至少使用@security 参数并且@ParamConverter 可能会有所帮助.有什么提示吗?
And this is my specific controller for the action. As i read in order to do this action i must use at least the @security param and could be helpful the @ParamConverter. Any tip?
**
* @Route("/my/password/{id}", name="edit_password", methods="GET|POST")
* @ParamConverter("id", class="App:User")
* @Security("user.getId() == 'id'")
*/
public function editUser(Request $request, User $user, UserPasswordEncoderInterface $passwordEncoder): Response
{
推荐答案
你能试试吗?
/**
* @Route("/my/password/{id}", name="edit_password",methods="GET|POST")
* @ParamConverter("id", class="App:User")
* @Security("user.getId() == editUser.getId()")
*/
public function editUser(Request $request, User $editUser, UserPasswordEncoderInterface $passwordEncoder): Response
{
这篇关于理解@ParamConverter &@security 注释的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文