在security.yaml
文件中,我们定义了各种路由的访问控制以及可以访问同一路由的角色。
但是我们如何设置已登录但不能重新访问 /login 页面的用户,除非它注销并且“ROLE_USER”更改为“anon”。
我是 Symfony 4.2 的新手。
控制器:
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
//use Symfony\Component\Security\Core\Exception\AccessDeniedException;
class SecurityController extends AbstractController
{
/**
* @Route("/login", name="login")
*/
public function login(Request $request, AuthenticationUtils $utils, AuthorizationCheckerInterface $authChecker)
{
// to check whether user is looged-in
if ($authChecker->isGranted('IS_AUTHENTICATED_FULLY')) {
die('Logged in user cannot access this page');
}
// get the login error if there is one
$error = $utils->getLastAuthenticationError();
// last username entered by the user
$lastUsername = $utils->getLastUsername();
return $this->render('security/login.html.twig', [
'last_username' => $lastUsername,
'error' => $error
]);
}
public function logout()
{
# code...
}