1

大家好,我需要操作管理生成器的数据,我一直在阅读文档,但这对我没有帮助。我需要一个用户只能看到他的组的信息,而不能看到更多。

这是我的 generator.yml

generator: admingenerator.generator.propel
params:
model: Velfasa\SoporteBundle\Model\Usuario
namespace_prefix: Velfasa
concurrency_lock: ~
bundle_name: SoporteBundle
pk_requirement: ~
fields: ~
object_actions:
    delete: ~
batch_actions:
    delete: ~
builders:
list:
    params:
        title: Lista de usuarios
        display: [ nombre, apellido, dpi, username, direccion, fecha_de_nacimiento]
        actions:
            new:
                route: usuario_registro
        object_actions:
            edit:
                route: usuario_editar
            delete: ~
            show: 
                route: usuario_visualizar
filters:
    params:
        display: [nombre, email, apellido, dpi, username, direccion, fecha_de_nacimiento]
new:
    params:
        title: Nuevo usuario
        display: ~
        actions:
            save: ~
            list: ~
edit:
    params:
        title: Editar
        display: ~
        actions:
            save: ~
            list: ~
show:
    params:
        title: Vista general
        display: ~
        actions:
            list: ~
            new: ~
actions:
    params:
        object_actions:
            delete: ~
        batch_actions:
            delete: ~

你希望这里有人可以帮助我

4

2 回答 2

0

仔细查看文档的安全部分,我认为您应该使用凭据。

显示/编辑/删除操作

编辑您的 yml 文件并为您想要保护的所有对象操作添加凭据功能(检查 ifOwnedByGroupSameAsCurrentUser ?)。也许你有更好的名字;)

# ...
params:
    # ...
    object_actions:
        show:
            credentials: 'ifOwnedByGroupSameAsCurrentUser(object)'
        edit:
            credentials: 'ifOwnedByGroupSameAsCurrentUser(object)'
        delete:
            credentials: 'ifOwnedByGroupSameAsCurrentUser(object)' 
    # ...

现在定义函数。在同一个包内(不使用外部包)定义安全类:

// src/MyPrefix/MyBundle/Security/AccessEvaluator.php
<?php

namespace MyPrefix\MyBundle\Security;

use Symfony\Component\DependencyInjection\ContainerInterface;
use JMS\DiExtraBundle\Annotation as DI;

/**
 * @DI\Service
 */
class AccessEvaluator
{

    private $container;

    /**
     * @DI\InjectParams({
     *     "container" = @DI\Inject("service_container"),
     * })
     */
    public function __construct( ContainerInterface $container )
    {
        $this->container = $container;
    }

    /**
     * @DI\SecurityFunction("ifOwnedByGroupSameAsCurrentUser")
     */
    public function ifOwnedByGroupSameAsCurrentUser( $object )
    {
        // Get current user
        $user = $this->getCurrentUser();

        //
        // THIS IS THE MAGIC
        // change this part to check if user and object has the same group related
        // I assumed that the object has one related group and user can have more groups
        // 
        if( in_array( $object->getGroup(), $user->getGroups() ) )
        {
            return true;
        }

        // this function must return a boolean value
        return false;
    }

    protected function getCurrentUser()
    {
        // I use fos user bundle
        // replace with your own "get user" code
        $userManager = $this->container->get( 'fos_user.user_manager' );
        $user = $userManager->findUserByUsername( $this->container->get( 'security.context' )->getToken()->getUser() );

        return $user;
    }
}

列出动作

要保护 List Action,您需要编辑 ListController 并覆盖 processQuery 函数。此功能是为此目的而设计的,因此无需担心。限制访问的正确方法是使用 AdminGenerator Filter 方法:

// src/MyPrefix/MyBundle/Controller/MyController/ListController.php
// ...
protected function processFilters( $query )
{
    // Get current user
    $userManager = $this->get( 'fos_user.user_manager' );
    $user = $userManager->findUserByUsername( $this->get( 'security.context' )->getToken()->getUser() );

    $filterObject = $this->getFilters();
    $queryFilter = $this->getQueryFilter();
    $queryFilter->setQuery( $query );
    //
    // THIS IS THE MAGIC
    // change this part to check if user and object has the same group related
    // I assumed that the object has one related group and user can have more groups
    //        
    foreach( $user->getGroups() as $group )
    {
        $queryFilter->addEntityFilter( 'group', $group );
    }
    parent::processFilters( $query );
}

祝你好运!

于 2014-01-25T18:19:21.583 回答
0

我使用的解决方案是覆盖方法查询上的列表控制器。在这里,您可以设置您的个人查询并进行任何修改。

于 2014-01-27T19:04:53.873 回答