我最初在我的一个捆绑包中创建了一个选民,并且毫无问题地使用它。但是,我在另一个包中创建了另一个,因为它使用不同的类,并且决定是否让用户通过的方式也不同。
问题是,尽管我遵循与第一个选民完全相同的步骤,但没有检测到第二个选民。
我究竟做错了什么?是否可以只创建和使用一个选民?
所以这是第一个正常工作的,我完全按照文档说的那样做。
将其注册为服务
services:
security.access.support_voter:
class: SupportMessageBundle\Security\Voter\SupportVoter
public: false
tags:
- { name: security.voter }
创造它。简要说明它的作用:检查当前用户在 mySupportMessageBundle中的角色,这是一个用于管理支持票证的捆绑包。我还有一个常量来检查 Ticket 是否由用户启动。
namespace SupportMessageBundle\Security\Voter;
use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
use MedAppBundle\Entity\User;
use Symfony\Component\Security\Core\User\UserInterface;
class SupportVoter extends AbstractVoter
{
const SUPPORT = 'support';
const SUPERADMIN = 'superadmin';
const MEDIC = 'medic';
const ISMINE = 'ismine';
/* const EDIT = 'edit';*/
protected function getSupportedAttributes()
{
return array(self::SUPPORT, self::SUPERADMIN,self::MEDIC,self::ISMINE/*, self::EDIT*/);
}
protected function getSupportedClasses()
{
return array('MedAppBundle\Entity\User','SupportMessageBundle\Entity\Ticket');
}
protected function isGranted($attribute, $object, $user = null)
{
// make sure there is a user object (i.e. that the user is logged in)
if (!$user instanceof UserInterface) {
return false;
}
// double-check that the User object is the expected entity.
// It always will be, unless there is some misconfiguration of the
// security system.
if (!$user instanceof User) {
throw new \LogicException('The user is somehow not our User class!');
}
switch ($attribute) {
case self::SUPPORT:
// the data object could have for example a method isPrivate()
// which checks the Boolean attribute $private
{
if ($user->hasRole('ROLE_SUPPORT')||$user->hasRole('ROLE_SUPER_ADMIN')) {
return true;
}
}
break;
case self::SUPERADMIN:
// the data object could have for example a method isPrivate()
// which checks the Boolean attribute $private
{
if ($user->hasRole('ROLE_SUPER_ADMIN')) {
return true;
}
}
break;
/*case self::EDIT:
// this assumes that the data object has a getOwner() method
// to get the entity of the user who owns this data object
if ($user->getId() === $post->getOwner()->getId()) {
return true;
}
break;*/
case self::MEDIC:
// the data object could have for example a method isPrivate()
// which checks the Boolean attribute $private
{
if ($user->hasRole('ROLE_MEDIC')) {
return true;
}
}
break;
case self::ISMINE:
// the data object could have for example a method isPrivate()
// which checks the Boolean attribute $private
{
if ($user == $object->getSender()) {
return true;
}
}
break;
}
return false;
}
}
至于第二个,
我也将它注册为服务,在另一个捆绑包中services.yml:
services:
security.access.features_voter:
class: MedAppBundle\Security\Voter\FeaturesVoter
public: false
tags:
- { name: security.voter }
而这次我没有检查任何东西,我只是 return ,但每次true调用它都会返回我,所以显然有问题。false
namespace MedAppBundle\Security\Voter;
use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
class FeaturesVoter extends AbstractVoter
{
const ISMINE = 'ismine';
protected function getSupportedAttributes()
{
return array(self::ISMINE);
}
protected function getSupportedClasses()
{
return array('MedAppBundle/Entity/Features');
}
public function isGranted($attribute, $object, $user = null)
{
return true;
}
}
我尝试调用它的方式是:
$this->isGranted('issmine',$id); //returns false
$this->denyAccessUnlessGranted('issmine', $id, 'Unauthorized access!'); //denies access
$id是一个Feature对象,它来自MedAppBundle包含Feature实体的控制器。
然而,第一个投票者工作正常,所以我在这个声明中一定做错了什么,否则不可能有多个。
debug:container 没有列出它们,甚至没有列出工作的。捆绑包被加载到内核中,因为我一直在使用控制器和其他东西,只是服务似乎不起作用。所有包都$loader->load('services.yml');在 BundlenameExtension.php 文件中的 DependencyInjection 目录中