dongmao7195 2014-06-03 00:00

FOS comment permissions with ACL and roles

So, I installed foscomment (most current version to date) and set it up for ACL, with success. I then decided to add their role-based permissions as well. The problem is, the user who posts a comment can no longer edit their own comment, and if I give their role the edit power, then they can edit all comments.

Is it possible to use ACL and roles natively in the foscomment bundle, so that edit and delete can be set to ROLE_ADMIN, but ACL can allow users to edit and delete their own posts, even if they are ROLE_USER?

Or do I have to leave off the roles part and extend the templates and add it in myself?

Here is my config.yml foscomment snippet:

fos_comment:
    db_driver: orm
    class:
        model:
            comment: Application\Bundle\CommentBundle\Entity\Comment
            thread: Application\Bundle\CommentBundle\Entity\Thread
    acl: true
    service:
        acl:
            thread: fos_comment.acl.thread.roles
            comment: fos_comment.acl.comment.roles
            vote: fos_comment.acl.vote.roles
        manager:
            thread: fos_comment.manager.thread.acl
            comment: fos_comment.manager.comment.acl
            vote: fos_comment.manager.vote.acl
    acl_roles:
        comment:
            create: ROLE_USER
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        thread:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        vote:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN

  • dongtang3155 2014-12-29 20:19

    Yes, it is possible.

    Install FOSUser bundle and follow https://github.com/FriendsOfSymfony/FOSCommentBundle/blob/master/Resources/doc/6-integration_with_fosuserbundle.md.

    Then, create the following class:

    <?php
    
    namespace Application\Sonata\CommentBundle\Acl;
    
    use FOS\CommentBundle\Acl\RoleCommentAcl as BaseRoleCommentAcl;
    use FOS\CommentBundle\Model\CommentInterface;
    use FOS\CommentBundle\Model\SignedCommentInterface;
    use Symfony\Component\Security\Core\SecurityContextInterface;
    
    class RoleCommentAcl extends BaseRoleCommentAcl
    {
        /**
         * The current Security Context.
         *
         * @var SecurityContextInterface
         */
        private $securityContext;
    
        /**
         * Constructor.
         *
         * @param SecurityContextInterface $securityContext
         * @param string                   $createRole
         * @param string                   $viewRole
         * @param string                   $editRole
         * @param string                   $deleteRole
         * @param string                   $commentClass
         */
        public function __construct(SecurityContextInterface $securityContext,
                                    $createRole,
                                    $viewRole,
                                    $editRole,
                                    $deleteRole,
                                    $commentClass
        )
        {
            parent::__construct(
                $securityContext,
                $createRole,
                $viewRole,
                $editRole,
                $deleteRole,
                $commentClass);
    
            $this->securityContext   = $securityContext;
        }
    
    
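        /**
         * Checks if the Security token has an appropriate role to edit the supplied Comment.
         * The author of a signed comment may always edit it.
         *
         * @param  CommentInterface $comment
         * @return boolean
         */
        public function canEdit(CommentInterface $comment)
        {
            if ($this->isAuthor($comment)) {
                return true;
            }

            return parent::canEdit($comment);
        }

        /**
         * Checks if the Security token is allowed to delete a specific Comment.
         * The author of a signed comment may always delete it.
         *
         * @param  CommentInterface $comment
         * @return boolean
         */
        public function canDelete(CommentInterface $comment)
        {
            if ($this->isAuthor($comment)) {
                return true;
            }

            return parent::canDelete($comment);
        }

        /**
         * Checks if the current user is the author of the supplied Comment.
         *
         * @param  CommentInterface $comment
         * @return boolean
         */
        private function isAuthor(CommentInterface $comment)
        {
            if (!$comment instanceof SignedCommentInterface) {
                return false;
            }

            // getToken() returns null when no token is available (for example,
            // the URL is not behind a firewall), and getAuthor() returns null
            // for an anonymous comment: neither case may count as ownership.
            $token  = $this->securityContext->getToken();
            $author = $comment->getAuthor();
            if (null === $token || null === $author) {
                return false;
            }

            return $author == $token->getUser();
        }
    }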
    

    And add the following to service.yml:

    <service id="application.sonata.comment.acl.comment.roles" class="Application\Sonata\CommentBundle\Acl\RoleCommentAcl" public="false">
        <argument type="service" id="security.context" />
        <argument>IS_AUTHENTICATED_FULLY</argument> <!-- Create role -->
        <argument>IS_AUTHENTICATED_ANONYMOUSLY</argument> <!-- View role -->
        <argument>ROLE_ADMIN</argument> <!-- Edit role -->
        <argument>ROLE_ADMIN</argument> <!-- Delete role -->
        <argument>%fos_comment.model.comment.class%</argument>
    </service>
    

    Finally, update your config.yml with the following:

    fos_comment:
        service:
            acl:
                comment: application.sonata.comment.acl.comment.roles
    

    You can adapt the created class depending on your requirements.

    This answer was selected as the best answer by the asker.
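
The decision the accepted answer implements (the author may edit their own comment, everyone else falls back to the configured role), reduced to a standalone PHP 8 script so the access matrix can be checked case by case. This is an added example, not code from the answer or from FOSCommentBundle; `User`, `Comment` and `canEdit()` are constructed stand-ins, not bundle classes.

```php
<?php
// Constructed stand-ins for illustration; not FOSCommentBundle or Symfony classes.
final class User
{
    public function __construct(public string $name, public array $roles) {}
}

final class Comment
{
    // $author is null for a comment that was posted anonymously.
    public function __construct(public ?User $author) {}
}

/**
 * Owner-or-role decision: the author may always edit their own comment,
 * everyone else needs $editRole.
 */
function canEdit(?User $current, Comment $comment, string $editRole = 'ROLE_ADMIN'): bool
{
    if ($current === null) {
        return false;                 // nobody is logged in
    }
    // A null author must never match: otherwise "no author" and "no user"
    // would compare equal and anonymous comments would be editable by anyone.
    if ($comment->author !== null && $comment->author === $current) {
        return true;                  // ownership check
    }
    return in_array($editRole, $current->roles, true);   // role fallback
}

// Constructed sample users and comments.
$alice = new User('alice', ['ROLE_USER']);
$bob   = new User('bob', ['ROLE_USER']);
$admin = new User('admin', ['ROLE_USER', 'ROLE_ADMIN']);

$cases = [
    'author edits own comment'           => [$alice, new Comment($alice), true],
    'user edits another user\'s comment' => [$bob,   new Comment($alice), false],
    'admin edits any comment'            => [$admin, new Comment($alice), true],
    'user edits anonymous comment'       => [$bob,   new Comment(null),   false],
    'visitor edits anonymous comment'    => [null,   new Comment(null),   false],
];

foreach ($cases as $label => [$user, $comment, $expected]) {
    $actual = canEdit($user, $comment);
    if ($actual !== $expected) {
        throw new RuntimeException("Unexpected decision for: $label");
    }
    printf("%-36s %s\n", $label, $actual ? 'allowed' : 'denied');
}
```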
