1

我在那里,我想创建一个自定义身份验证,提供用户角色、组和角色组。我要创建的登录名是下一个:

用户有组,组有角色;

用户具有角色。此角色用于从组中撤消角色。

IE:

Groups:
    Group1: ROLE_WRITE, ROLE_READ
    Group2: ROLE_CHECK, ROLE_NEW
Users:
    Groups:
        Group1
        Group2
    Roles
        ROLE_CHECK

在上面的例子中,用户只能使用 3 个角色 ROLE_WRITE、ROLE_READ 和 ROLE_NEW

我做了以下课程

角色.php

namespace Test\UserBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\Role\RoleInterface;


/**
 * Test\OverSkyBundle\Entity\Roles
 *
 * @ORM\Table(name="roles")
 * @ORM\Entity()
 */

class Roles implements RoleInterface{
    /**
     * @ORM\Column(type="integer")
     * @ORM\Id
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    private $id;

    /**
     * @ORM\Column(type="string", length=70, unique=true)
     */
    private $role;

    public function __construct( $role )
    {
        $this->role = $role;
    }

    public function getId(){
        return $this->id;
    }

    public function getRole(){
        return $this->role;
    }
    public function setRole($role){
        $this->role = $role;
    }

    public function __toString()
    {
        return (string) $this->role;
    } 
}

组.php

namespace Test\UserBundle\Entity;

use Doctrine\ORM\Mapping as ORM;

/**
 * Test\OverSkyBundle\Entity\Groups
 *
 * @ORM\Table(name="groups")
 * @ORM\Entity()
 */

class Groups {

    /**
     * @ORM\Column(type="integer")
     * @ORM\Id
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    private $id;

    /**
     * @ORM\Column(type="string", length=70, unique=true)
     */
    private $groupname;

    /**
     * @ORM\ManyToMany(targetEntity="Roles")
     *
     */
    private $roles;

    public function __construct()
    {
        $this->roles = new ArrayCollection();
    }

    public function __toString()
    {
        return $this->groupname;
    } 

    public function getId(){
        return $this->id;
    }

    public function getRoles()
    {
        return $this->roles->toArray();
    }
    public function setRoles($roles)
    {
        $this->roles = $roles;
    }
}

用户.php

<?php

namespace Test\UserBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;
use Doctrine\Common\Collections\ArrayCollection;

/** 
* Test\OverSkyBundle\Entity\Users
 *
 * @ORM\Table(name="users")
 * @ORM\Entity(repositoryClass="Test\UserBundle\Entity\UsersRepository")
 */

class Users implements UserInterface, \Serializable{
    /**
     * @ORM\Column(type="integer")
     * @ORM\Id
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    private $id;

    /**
     * @ORM\Column(type="string", length=25, unique=true)
     */
    private $username;

    /**
     * @ORM\ManyToMany(targetEntity="Roles")
     *
     */
    private $roles;

    /**
     * @ORM\ManyToMany(targetEntity="Groups")
     *
     */
    private $groups;

    /**
     * @ORM\Column(type="string", length=32)
     */
    private $salt;

    /**
     * @ORM\Column(type="string", length=140)
     */
    private $password;

    /**
     * @ORM\Column(type="string", length=140, unique=true)
     */
    private $email;

    /**
     * @ORM\Column(name="is_active", type="boolean")
     */
    private $isActive; 

    public function __toString()
    {
        return $this->name;
    } 

    public function __construct() {
        $this->roles = new ArrayCollection();
        $this->groups = new ArrayCollection();
        $this->isActive = true;
        $this->salt = md5(uniqid(null, true));
    }

    public function getId()
    {
        return $this->id;
    }

    public function getRoles()
    {
        return $this->roles->toArray();
    }
    public function setRoles($roles)
    {
        $this->roles = $roles;
    }

    public function getGroups()
    {
        return $this->groups->toArray();
    }
    public function setGroups($groups)
    {
        $this->groups = $groups;
    }    

    public function getUsername()
    {
        return $this->username;
    }
    public function setUsername($username)
    {
        $this->username = $username;
    }    

    public function getSalt()
    {
        return $this->salt;
    }
    public function setSalt($salt)
    {
        $this->salt = $salt;
        return $this;
    }

    public function getPassword()
    {
        return $this->password;
    }    
    public function setPassword($password)
    {
        $this->password = $password;
        return $this;
    }

    public function getEmail()
    {
        return $this->email;
    }
    public function setEmail($email)
    {
        $this->email = $email;
        return $this;
    }  

    public function getIsActive()
    {
        return $this->isActive;
    }  
    public function setIsActive($isActive)
    {
        $this->isActive = $isActive;
        return $this;
    }   

    public function eraseCredentials() {

    }

    public function serialize() {
        return serialize(array(
            $this->id,
        ));        
    }

    public function unserialize($serialized) {
        list (
            $this->id,
        ) = unserialize($serialized);
    }
}

index.html.twig

{% if is_granted('ROLE_ZAP') %}
    dasdsa
{% endif %}

{% for groups in app.user.groups %}    
    <li> groups </li>
{% endfor %}

在树枝文件中,我可以访问用户角色,但不能访问组角色。如何合并两者并撤销用户中存在的角色?

如果我尝试为 app.user.groups.roles 中的组执行,我会收到未找到角色的错误。

执行 if is_granted 时,我会收到用户角色。

4

1 回答 1

0

is_granted()调用用户的getRoles()方法并检查给定的参数角色是否在返回的角色数组中。(简化 - 安全提供者调用 getRoles 并将它们添加到安全上下文中,然后 is_granted 检查安全上下文更精确)

现在,如果要返回从用户组继承的角色,则必须合并这些角色。

虽然我不知道您为什么要从组提供的角色中撤消用户角色...

(通常用户的角色会扩展他们的组提供的角色 - 如果您不想要某些角色,请不要将用户添加到组中)

...你可以做这样的事情:

Users.php

public function getRoles()
{
    $groupRoles = array();
    // add all roles provided by groups
    foreach ($this->getGroups() as $group) {
        foreach ($group->getRoles() as $role) {
            $groupRoles[] = $role;
        }
    }
    // - remove dublicates
    // - revoke user's roles
    // - return remaining roles
    return array_unique(array_diff($groupRoles, $this->getRoles()));
}
于 2013-06-15T09:01:35.707 回答