1-您需要创建自己的 MAskBuilder 从默认扩展
namespace Acm\DefaultBundle\Permission;
use Symfony\Component\Security\Acl\Permission\MaskBuilder as BaseMaskBuilder;
class MaskBuilder extends BaseMaskBuilder {
const MASK_PRINT = 256; // 1 << 8
const CODE_PRINT = 'A'; }
2-您需要替换 PermissionMap
namespace Acm\DefaultBundle\Permission;
use Symfony\Component\Security\Acl\Permission\BasicPermissionMap;
use Acm\DefaultBundle \Permission\MaskBuilder;
class PermissionMap extends BasicPermissionMap {
const PERMISSION_PRINT = 'PRINT';
const PERMISSION_VIEW = 'VIEW';
const PERMISSION_EDIT = 'EDIT';
const PERMISSION_CREATE = 'CREATE';
const PERMISSION_DELETE = 'DELETE';
const PERMISSION_UNDELETE = 'UNDELETE';
const PERMISSION_OPERATOR = 'OPERATOR';
const PERMISSION_MASTER = 'MASTER';
const PERMISSION_OWNER = 'OWNER';
private $map = array(
self::PERMISSION_VIEW => array(
MaskBuilder::MASK_VIEW,
MaskBuilder::MASK_EDIT,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_PRINT => array(
MaskBuilder::MASK_PRINT,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,),
self::PERMISSION_EDIT => array(
MaskBuilder::MASK_EDIT,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_CREATE => array(
MaskBuilder::MASK_CREATE,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_DELETE => array(
MaskBuilder::MASK_DELETE,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_UNDELETE => array(
MaskBuilder::MASK_UNDELETE,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_OPERATOR => array(
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_MASTER => array(
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
),
self::PERMISSION_OWNER => array(
MaskBuilder::MASK_OWNER,
),
);
/**
* {@inheritDoc}
*/
public function getMasks($permission, $object)
{
if (!isset($this->map[$permission])) {
return null;
}
return $this->map[$permission];
}
/**
* {@inheritDoc}
*/
public function contains($permission)
{
return isset($this->map[$permission]);
}
}
3-将此添加到您的 config.yml 以替换默认 PermissionsMap
parameters:
security.acl.permission.map.class: Pitchbull\CalendarBundle\Permission\Permission\PermissionMap
4-您现在可以检查是否由 PRINT 授予
$securityContext = $this->get('security.context');
// check for apply access
if false === $securityContext->isGranted('PRINT', $service)) {
//your access is denied
}