
I want to protect all URLs that carry the query string ?preview=true. Unfortunately, the following does not work. I guess the request matcher only looks at pathInfo.

# app/config/security.yml
access_control:
    - { path: (?|&)preview=true, role: ROLE_ADMIN }

Any hints are greatly appreciated.


2 Answers


I'm pretty sure access control only looks at the hierarchical part, not the query string. That is because query parameters are not meant to determine the content, only to act as filters on it. You may need to modify your URL structure to accommodate this.

answered 2014-03-19T21:03:38.117

Solved it myself. As @Chausser said, access control by query parameter is not possible in security.yml, so I created a voter for this.

// src/Your/Bundle/Security/Voter/PreviewAccessVoter.php
namespace Your\Bundle\Security\Voter;

use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;


/**
 * Voter that denies access if the user does not have the required role
 * when the URL is requested with the preview query parameter set to true.
 */
class PreviewAccessVoter implements VoterInterface
{

    protected $requestStack;
    protected $requiredRole;


    public function __construct(RequestStack $requestStack, $requiredRole)
    {
        $this->requestStack  = $requestStack;
        $this->requiredRole = $requiredRole;
    }


    // This voter does not depend on the attribute (ROLE_*, etc.) being checked;
    // the decision is driven by the request, so every attribute is supported.
    public function supportsAttribute($attribute)
    {
        return true;
    }


    // Likewise the secured object is irrelevant here, so every class is supported.
    public function supportsClass($class)
    {
        return true;
    }


    public function vote(TokenInterface $token, $object, array $attributes)
    {
        $request = $this->requestStack->getCurrentRequest();

        // No current request (e.g. a console command): nothing to check,
        // leave the decision to the other voters.
        if (null === $request) {
            return VoterInterface::ACCESS_ABSTAIN;
        }

        // Only act when preview is set to a truthy value ("true", "1", "on", "yes").
        if (filter_var($request->query->get('preview'), FILTER_VALIDATE_BOOLEAN)) {
            foreach ($token->getRoles() as $role) {
                if ($this->requiredRole === $role->getRole()) {
                    return VoterInterface::ACCESS_GRANTED;
                }
            }
            // Preview requested without the required role: deny explicitly.
            return VoterInterface::ACCESS_DENIED;
        }

        // Not a preview request: this voter has no opinion.
        return VoterInterface::ACCESS_ABSTAIN;
    }
}

Add the voter as a (private) service

# src/Your/Bundle/Resources/config/services.yml
# preview voter that denies access for users without the required role
security.access.preview.voter:
    class:      Your\Bundle\Security\Voter\PreviewAccessVoter
    arguments:  [ "@request_stack", ROLE_ADMIN ]
    tags:       [ { name: security.voter } ]
    public:     false

Change the access decision strategy

# app/config/security.yml
access_decision_manager:
    strategy: unanimous # can be: affirmative, unanimous or consensus


See http://symfony.com/doc/current/cookbook/security/voters.html for reference;
https://github.com/symfony/Security/blob/master/Core/Authorization/Voter/RoleVoter.php may also help.

answered 2014-03-20T15:06:04.370
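To see why the strategy change in the answer above matters, here is an added example (not part of the question or the answer) that wires the PreviewAccessVoter into Symfony's AccessDecisionManager next to the built-in RoleVoter and runs the same request under both strategies: with affirmative, RoleVoter's grant for ROLE_USER outvotes the preview voter's denial, while unanimous lets that single denial block the request. It assumes a Symfony 2.x project whose Composer autoloader loads Your\Bundle\Security\Voter\PreviewAccessVoter from src/, and that the script is run from the project root.

```php
<?php
// Added example: compare access decision strategies for a preview URL.
// Assumption: Symfony 2.x with Composer autoloading of src/ (PSR-0), so the
// PreviewAccessVoter class from the answer above is loadable.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
use Your\Bundle\Security\Voter\PreviewAccessVoter;

// Constructed sample request: a page that is open to ROLE_USER, requested
// with the preview flag that should be reserved for ROLE_ADMIN.
$requestStack = new RequestStack();
$requestStack->push(Request::create('/blog/hello-world?preview=true'));

// The same two voters the answer ends up with: Symfony's RoleVoter plus the
// custom PreviewAccessVoter that requires ROLE_ADMIN whenever preview=true.
$voters = array(
    new RoleVoter(),
    new PreviewAccessVoter($requestStack, 'ROLE_ADMIN'),
);

// A logged-in editor (constructed) who has ROLE_USER but not ROLE_ADMIN.
$editor = new UsernamePasswordToken('editor', 'secret', 'main', array('ROLE_USER'));

// The attribute from the access_control rule that matched the path,
// e.g. { path: ^/blog, role: ROLE_USER }.
$attributes = array('ROLE_USER');

foreach (array('affirmative', 'unanimous') as $strategy) {
    $manager = new AccessDecisionManager($voters, $strategy);
    $granted = $manager->decide($editor, $attributes);
    printf("%-11s => %s\n", $strategy, $granted ? 'GRANTED' : 'DENIED');
}
```

Run it once before and once after setting strategy: unanimous in security.yml to confirm that the preview voter alone cannot deny under the default affirmative strategy.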