dongmao7195 2014-06-03 00:00
Accepted

FOSComment permissions with ACL and roles

So, I installed foscomment (most current version to date) and set it up for ACL, with success. I then decided to add their role-based permissions as well. The problem is, the user who posts a comment can no longer edit their own comment, and if I give their role the edit power, then they can edit all comments.

Is it possible to use ACL and Roles natively in the foscomment bundle? So that edit and delete can be set to ROLE_ADMIN, but ACL can allow users to edit and delete their own posts, even if they are ROLE_USER?

Or do I have to leave off the roles part and extend the templates and add it in myself?

Here is my config.yml foscomment snippet:

fos_comment:
    db_driver: orm
    class:
        model:
            comment: Application\Bundle\CommentBundle\Entity\Comment
            thread: Application\Bundle\CommentBundle\Entity\Thread
    acl: true
    service:
        acl:
            thread: fos_comment.acl.thread.roles
            comment: fos_comment.acl.comment.roles
            vote: fos_comment.acl.vote.roles
        manager:
            thread: fos_comment.manager.thread.acl
            comment: fos_comment.manager.comment.acl
            vote: fos_comment.manager.vote.acl
    acl_roles:
        comment:
            create: ROLE_USER
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        thread:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        vote:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN

1 answer

  • dongtang3155 2014-12-29 20:19

    Yes, it is possible.

    Install FOSUser bundle and follow https://github.com/FriendsOfSymfony/FOSCommentBundle/blob/master/Resources/doc/6-integration_with_fosuserbundle.md .

    Then, create the following class:

    <?php
    
    namespace Application\Sonata\CommentBundle\Acl;
    
    use FOS\CommentBundle\Acl\RoleCommentAcl as BaseRoleCommentAcl;
    use FOS\CommentBundle\Model\CommentInterface;
    use FOS\CommentBundle\Model\SignedCommentInterface;
    use Symfony\Component\Security\Core\SecurityContextInterface;
    
    class RoleCommentAcl extends BaseRoleCommentAcl
    {
        /**
         * The current Security Context.
         *
         * @var SecurityContextInterface
         */
        private $securityContext;
    
        /**
         * Constructor.
         *
         * @param SecurityContextInterface $securityContext
         * @param string                   $createRole
         * @param string                   $viewRole
         * @param string                   $editRole
         * @param string                   $deleteRole
         * @param string                   $commentClass
         */
        public function __construct(SecurityContextInterface $securityContext,
                                    $createRole,
                                    $viewRole,
                                    $editRole,
                                    $deleteRole,
                                    $commentClass
        )
        {
            parent::__construct(
                $securityContext,
                $createRole,
                $viewRole,
                $editRole,
                $deleteRole,
                $commentClass);
    
            $this->securityContext   = $securityContext;
        }
    
    
        /**
         * Checks if the Security token has an appropriate role to edit the supplied Comment.
         *
         * @param  CommentInterface $comment
         * @return boolean
         */
        public function canEdit(CommentInterface $comment)
        {
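            if ($comment instanceof SignedCommentInterface)
            {
                // Owner check: the signed author may edit even without the edit role.
                // getToken() returns null when no token is set, so guard before getUser().
                $token = $this->securityContext->getToken();
                if (null !== $token && $comment->getAuthor() == $token->getUser()) {
                    return true;
                }
            }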
            return parent::canEdit($comment);
        }
    
        /**
         * Checks if the Security token is allowed to delete a specific Comment.
         *
         * @param  CommentInterface $comment
         * @return boolean
         */
        public function canDelete(CommentInterface $comment)
        {
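            if ($comment instanceof SignedCommentInterface)
            {
                // Owner check: the signed author may delete even without the delete role.
                // getToken() returns null when no token is set, so guard before getUser().
                $token = $this->securityContext->getToken();
                if (null !== $token && $comment->getAuthor() == $token->getUser()) {
                    return true;
                }
            }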
            return parent::canDelete($comment);
        }
    
    } 
    

    And add the following to service.yml:

    <service id="application.sonata.comment.acl.comment.roles" class="Application\Sonata\CommentBundle\Acl\RoleCommentAcl" public="false">
        <argument type="service" id="security.context" />
        <argument>IS_AUTHENTICATED_FULLY</argument> <!-- Create role -->
        <argument>IS_AUTHENTICATED_ANONYMOUSLY</argument> <!-- View role -->
        <argument>ROLE_ADMIN</argument> <!-- Edit role -->
        <argument>ROLE_ADMIN</argument> <!-- Delete role -->
        <argument>%fos_comment.model.comment.class%</argument>
    </service>
    

    Finally, update your config.yml with the following:

    fos_comment:
        service:
            acl:
                comment: application.sonata.comment.acl.comment.roles
    

    You can adapt the created class depending on your requirements.

    This answer was selected as the best answer by the asker.
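
An added example (not part of the answer above and not FOSCommentBundle code): a stand-alone PHP sketch of the same owner-or-role decision, run over the cases such an override has to get right, including an anonymous token (whose user is the string `anon.` in Symfony 2) and a missing token. `User`, `Comment` and `canEdit()` are hypothetical stand-ins, and the role test is a simplified substitute for `parent::canEdit()`.

```php
<?php
// Hypothetical stand-ins (added example), not FOSCommentBundle or Symfony classes.
final class User
{
    public $id;
    public $roles;
    public function __construct($id, array $roles) { $this->id = $id; $this->roles = $roles; }
}
final class Comment
{
    public $author; // User for a signed comment, null for an unsigned one
    public function __construct($author = null) { $this->author = $author; }
}

// Owner-or-role decision. $tokenUser models getToken()->getUser(): a User,
// the string "anon." for an anonymous token, or null when no token exists.
function canEdit(Comment $comment, $tokenUser, $editRole = 'ROLE_ADMIN')
{
    if (!$tokenUser instanceof User) {
        return false; // no token or anonymous token: never owner, never editor
    }
    // Decide ownership on the stable identifier, not on loose object equality.
    $author = $comment->author;
    if ($author instanceof User && null !== $author->id && $author->id === $tokenUser->id) {
        return true;
    }
    // Simplified stand-in for parent::canEdit(): plain role membership.
    return in_array($editRole, $tokenUser->roles, true);
}

$alice = new User(1, array('ROLE_USER'));
$bob   = new User(2, array('ROLE_USER'));
$admin = new User(3, array('ROLE_USER', 'ROLE_ADMIN'));
$own   = new Comment($alice); // signed comment written by alice
$anon  = new Comment();       // unsigned comment, no author

// Constructed decision matrix: label, comment, token user, expected result.
$cases = array(
    array('author edits own comment',    $own,  $alice,  true),
    array('other user, same role',       $own,  $bob,    false),
    array('admin edits any comment',     $own,  $admin,  true),
    array('anonymous token ("anon.")',   $own,  'anon.', false),
    array('no token at all',             $own,  null,    false),
    array('user vs. authorless comment', $anon, $alice,  false),
);
foreach ($cases as $c) {
    $got = canEdit($c[1], $c[2]);
    printf("%-30s %s%s\n", $c[0], var_export($got, true), $got === $c[3] ? '' : '  <-- MISMATCH');
}
```

The same matrix applies to delete; in a real bundle these cases belong in a unit test against the overriding ACL class.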