
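So I installed FOSComment (the latest version as of now) and set it up with ACL, and that worked. Then I decided to add their role-based permissions as well. The problem is that users who post a comment can no longer edit their own comments. If I give their role the edit permission, they can edit all comments.

Is it possible to use ACL and roles together natively in the FOSComment bundle? So that edit and delete can be set to ROLE_ADMIN, but the ACL still allows users to edit and delete their own posts, even if they are ROLE_USER?

Or do I have to drop the roles part, extend the templates, and add it in myself?

Here is my config.yml FOSComment snippet: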

fos_comment:
    db_driver: orm
    class:
        model:
            comment: Application\Bundle\CommentBundle\Entity\Comment
            thread: Application\Bundle\CommentBundle\Entity\Thread
    acl: true
    service:
        acl:
            thread: fos_comment.acl.thread.roles
            comment: fos_comment.acl.comment.roles
            vote: fos_comment.acl.vote.roles
        manager:
            thread: fos_comment.manager.thread.acl
            comment: fos_comment.manager.comment.acl
            vote: fos_comment.manager.vote.acl
    acl_roles:
        comment:
            create: ROLE_USER
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        thread:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        vote:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
1 Answer

Yes, it is possible.

Install the FOSUser bundle and follow https://github.com/FriendsOfSymfony/FOSCommentBundle/blob/master/Resources/doc/6-integration_with_fosuserbundle.md

Then create the following class:

<?php

namespace Application\Sonata\CommentBundle\Acl;

use FOS\CommentBundle\Acl\RoleCommentAcl as BaseRoleCommentAcl;
use FOS\CommentBundle\Model\CommentInterface;
use FOS\CommentBundle\Model\SignedCommentInterface;
use Symfony\Component\Security\Core\SecurityContextInterface;

class RoleCommentAcl extends BaseRoleCommentAcl
{
    /**
     * The current Security Context.
     *
     * @var SecurityContextInterface
     */
    private $securityContext;

    /**
     * Constructor.
     *
     * @param SecurityContextInterface $securityContext
     * @param string                   $createRole
     * @param string                   $viewRole
     * @param string                   $editRole
     * @param string                   $deleteRole
     * @param string                   $commentClass
     */
    public function __construct(SecurityContextInterface $securityContext,
                                $createRole,
                                $viewRole,
                                $editRole,
                                $deleteRole,
                                $commentClass
    )
    {
        parent::__construct(
            $securityContext,
            $createRole,
            $viewRole,
            $editRole,
            $deleteRole,
            $commentClass);

        $this->securityContext   = $securityContext;
    }


    /**
     * Checks if the Security token has an appropriate role to edit the supplied Comment.
     *
     * @param  CommentInterface $comment
     * @return boolean
     */
    public function canEdit(CommentInterface $comment)
    {
        if ($comment instanceof SignedCommentInterface)
        {
            if ($comment->getAuthor() == $this->securityContext->getToken()->getUser()) {
                return true;
            }
        }
        return parent::canEdit($comment);
    }

    /**
     * Checks if the Security token is allowed to delete a specific Comment.
     *
     * @param  CommentInterface $comment
     * @return boolean
     */
    public function canDelete(CommentInterface $comment)
    {
        if ($comment instanceof SignedCommentInterface)
        {
            if ($comment->getAuthor() == $this->securityContext->getToken()->getUser()) {
                return true;
            }
        }
        return parent::canDelete($comment);
    }

} 

And add the following to service.yml:

<service id="application.sonata.comment.acl.comment.roles" class="Application\Sonata\CommentBundle\Acl\RoleCommentAcl" public="false">
    <argument type="service" id="security.context" />
    <argument>IS_AUTHENTICATED_FULLY</argument> <!-- Create role -->
    <argument>IS_AUTHENTICATED_ANONYMOUSLY</argument> <!-- View role -->
    <argument>ROLE_ADMIN</argument> <!-- Edit role -->
    <argument>ROLE_ADMIN</argument> <!-- Delete role -->
    <argument>%fos_comment.model.comment.class%</argument>
</service>

Finally, update your config.yml with the following:

fos_comment:
    service:
        acl:
            comment: application.sonata.comment.acl.comment.roles

You can adapt the created class to your own requirements.

Answered 2014-12-29T20:19:09.220
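
The owner-or-role rule from the answer above, as an added stand-alone example that is not the answerer's or FOSCommentBundle's code: `User`, `Comment` and `canEdit()` are hypothetical stand-ins for the Symfony types, and the role check is a plain `in_array` rather than `isGranted()`. It goes slightly beyond the answer by making the unauthenticated and unsigned-comment cases explicit and by comparing ids instead of whole objects.

```php
<?php
// Added example. User, Comment and canEdit() are hypothetical stand-ins,
// not Symfony or FOSCommentBundle types. Requires PHP 8.

final class User
{
    public function __construct(public int $id, public array $roles = []) {}
}

final class Comment
{
    public function __construct(public ?User $author) {}
}

/** $current is null when nobody is authenticated. */
function canEdit(?User $current, Comment $comment, string $editRole = 'ROLE_ADMIN'): bool
{
    if ($current === null) {
        return false; // no authenticated user: neither owner nor role holder
    }
    // Compare a stable identifier. `==` on two objects compares every
    // property, so the same account loaded twice may not compare equal.
    if ($comment->author !== null && $comment->author->id === $current->id) {
        return true; // the author may edit their own comment
    }
    return in_array($editRole, $current->roles, true); // otherwise fall back to the role
}

// Constructed sample data.
$alice       = new User(1, ['ROLE_USER']);
$aliceReload = new User(1, ['ROLE_USER', 'ROLE_EDITOR']); // same account, roles changed since
$bob         = new User(2, ['ROLE_USER']);
$admin       = new User(3, ['ROLE_USER', 'ROLE_ADMIN']);
$byAlice     = new Comment($alice);
$unsigned    = new Comment(null); // comment without an author

$cases = [
    'author, own comment'          => [canEdit($alice, $byAlice), true],
    'same account, reloaded'       => [canEdit($aliceReload, $byAlice), true],
    'other user'                   => [canEdit($bob, $byAlice), false],
    'admin, any comment'           => [canEdit($admin, $byAlice), true],
    'not authenticated'            => [canEdit(null, $byAlice), false],
    'user, unsigned comment'       => [canEdit($bob, $unsigned), false],
    'loose == on reloaded account' => [$alice == $aliceReload, false],
];
foreach ($cases as $label => [$got, $want]) {
    printf("%-30s %-5s %s\n", $label, var_export($got, true), $got === $want ? 'ok' : 'MISMATCH');
}
```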