FOSUserBundle 和 ACL 业务角色 [英] FOSUserBundle and ACL Business Role

问题描述

我这个周末开始学习 Symfony 2.我没有遇到任何问题，因为在我看来，该框架已被很好地记录在案.

I started to learn Symfony 2 this weekend. I faced no problem, as the framework is well documented in my opinion.

我将 FOSUserBundle 包用于 ACL.我想知道是否有可能使它类似于 Yii 框架:

I'm using FOSUserBundle package for ACL. I'm wondering if it's possible to make it similar to Yii framework:

$bizRule='return Yii::app()->user->id==$params["post"]->authID;';
$task=$auth->createTask('updateOwnPost','update a post by author himself',$bizRule);
$task->addChild('updatePost');

您可以在上面的代码段中看到所有详细信息.

You may see all details on the snippet above.

我怎样才能用 Symfony 2 实现类似的东西?这可能吗?

How can I achieve something similar with Symfony 2? Is this possible?

推荐答案

Symfony2 有一个 ACL 系统 可以做到这一点的开箱即用.为了完整起见，我包含了相关代码(针对 Post 而不是文档中的 Comment 进行了修改):

Symfony2 has an ACL system out of the box that will do this. I'm including the relevant code for the sake of completeness (modified for Post instead of Comment as is in the documentation):

public function addPostAction()
{
    $post = new Post();

    // setup $form, and bind data
    // ...

    if ($form->isValid()) {
        $entityManager = $this->get('doctrine.orm.default_entity_manager');
        $entityManager->persist($post);
        $entityManager->flush();

        // creating the ACL
        $aclProvider = $this->get('security.acl.provider');
        $objectIdentity = ObjectIdentity::fromDomainObject($post);
        $acl = $aclProvider->createAcl($objectIdentity);

        // retrieving the security identity of the currently logged-in user
        $securityContext = $this->get('security.context');
        $user = $securityContext->getToken()->getUser();
        $securityIdentity = UserSecurityIdentity::fromAccount($user);

        // grant owner access
        $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
        $aclProvider->updateAcl($acl);
    }
}

本质上，您授予当前登录的用户对 Post 实体的所有权(包括编辑权限).然后检查当前用户是否有编辑权限:

Essentially, you're giving the currently logged in user ownership of the Post entity (which includes edit permissions). And then to check if the current user has permission to edit:

public function editPostAction(Post $post)
{
    $securityContext = $this->get('security.context');

    // check for edit access
    if (false === $securityContext->isGranted('EDIT', $post))
    {
        throw new AccessDeniedException();
    }

    // retrieve actual post object, and do your editing here
    // ...
}

我强烈建议您通读访问控制列表 和高级 ACL 概念 食谱食谱了解更多信息.如上所示的 ACL 的实际创建非常冗长，我一直在研究 开源 ACL 管理器 缓解疼痛……它有点作用"；这是早期的测试版，需要大量的爱，所以使用风险自负.

I highly recommend that you read through both the Access Control List and Advanced ACL Concepts cookbook recipes for more information. The actual creation of ACLs as shown above is extremely verbose, and I have been working on an open-source ACL manager to ease the pain... it "kind of works;" it's early beta and needs a lot of love, so use at your own risk.

这篇关于FOSUserBundle 和 ACL 业务角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！