正如 @nealio82 和 @lavb 所说,你应该看看 Gedmo\Blameable,它可以帮助你处理 createdBy 或 updatedBy 这类属性,用来存储创建该资源的 User。
Blameable
StofDoctrineExtensionsBundle
然后要处理访问权限,请查看 Voters,这对于处理安全性和不同的访问权限非常有用。
关于 Voters 的官方 Symfony 文档
例如
Book 实体
...
use Gedmo\Mapping\Annotation as Gedmo;
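class Book {
    // ...

    /**
     * The User that created this Book.
     *
     * Populated automatically by the Gedmo Blameable listener on the first
     * persist (on="create"); application code normally does not set it.
     *
     * NOTE(review): the original listing carried `@var string $createdBy` and
     * `@ORM\Column` on a property typed `User`, which are inconsistent with
     * each other. A User object has to be mapped as an association rather
     * than a scalar column, and the doc type now matches the property type.
     *
     * @var User $owner
     *
     * @Gedmo\Blameable(on="create")
     * @ORM\ManyToOne(targetEntity=User::class)
     */
    public User $owner;

    /**
     * Returns the owning User.
     *
     * Reading a typed property before it is initialised throws \Error, so
     * this must only be called after Blameable (or setOwner) has set it.
     */
    public function getOwner(): User
    {
        return $this->owner;
    }

    /**
     * Sets the owning User explicitly (e.g. in tests or when bypassing Blameable).
     */
    public function setOwner(User $owner): void
    {
        // the original listing was missing the statement terminator here
        $this->owner = $owner;
    }
}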
src/Security/Voter/BookVoter
namespace App\Security;
use App\Entity\Book;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
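/**
 * Decides whether the token's user may VIEW or EDIT a given Book.
 *
 * NOTE(review): the listing places this file under src/Security/Voter/ but
 * declares `namespace App\Security`; under PSR-4 autoloading the two should
 * agree (App\Security\Voter for that directory, or move the file).
 */
class BookVoter extends Voter
{
    public const VIEW = 'view';
    public const EDIT = 'edit';

    /**
     * Limits this voter to the VIEW/EDIT attributes on Book subjects.
     *
     * Returning false here makes the voter abstain, so it never denies
     * access for attributes or subjects it does not understand.
     */
    protected function supports(string $attribute, $subject): bool
    {
        // strict comparison so loose-equality surprises cannot widen the match
        if (!in_array($attribute, [self::VIEW, self::EDIT], true)) {
            return false;
        }

        // only vote on `Book` objects
        return $subject instanceof Book;
    }

    /**
     * Grants or denies $attribute on the Book for the token's user.
     *
     * An anonymous token (no User instance) is denied outright rather than
     * abstained from, so unauthenticated requests never reach the ownership
     * checks below.
     *
     * @throws \LogicException if supports() let through an unknown attribute
     */
    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();
        if (!$user instanceof User) {
            // the user must be logged in; if not, deny access
            return false;
        }

        /** @var Book $book */
        $book = $subject;

        switch ($attribute) {
            case self::VIEW:
                return $this->canView($book, $user);
            case self::EDIT:
                return $this->canEdit($book, $user);
        }

        throw new \LogicException('This code should not be reached!');
    }

    /**
     * Only the owner may edit the Book.
     *
     * This is an object-identity comparison: it relies on the token's User
     * and the Book's owner being the same managed instance. If they are not,
     * the check fails closed (access denied) rather than open.
     * NOTE(review): getOwner() throws if the owner was never set (e.g. a Book
     * that has not been persisted yet) — confirm callers never vote on such a
     * Book, or compare identifiers instead.
     */
    private function canEdit(Book $book, User $user): bool
    {
        return $user === $book->getOwner();
    }

    /**
     * Viewing currently uses the same owner-only rule as editing.
     * The original author left this open ("DIFFERENT LOGIC ?"): relax it
     * here if non-owners are meant to be able to read a Book.
     */
    private function canView(Book $book, User $user): bool
    {
        return $user === $book->getOwner();
    }

    // ...
}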