如何禁止在 FOSUserBundle 中编辑用户名?
现在我可以进入个人资料编辑页面并更改用户名。例如,如何仅允许 ROLE_ADMIN 这样做?
但允许在个人资料中编辑电子邮件。
找到解决方案:
class ProfileFormType extends BaseType
{
public function buildForm(FormBuilderInterface $builder, array $options)
{
parent::buildForm($builder, $options);
$builder->remove('username');
}
public function getName()
{
return 'goock_user_profile';
}
}
它安全吗?
In order for you to allow only ROLE_ADMIN to edit a form field, you'll need to pass the "security.context" service into your form type, and then do something like the following
if ($this->securityContext->isGranted('ROLE_ADMIN')) {
$builder->add('username');
}
//or if username is already added
if (!$this->securityContext->isGranted('ROLE_ADMIN')) {
$builder->remove('username');
}