douzheng0702
2013-11-09 12:26

Is Symfony2 access_control really useful?

Let's say that I have three roles:

1) ADMIN_ROLE
2) USER_ROLE
3) COMPANY_ROLE 

Now I have bundles for each of those roles.

1) AdminBundle
2) UserBundle
3) CompanyBundle

I have three routes

1) /admin
2) /user
3) /company

I do not want to check who the user is (what his role is) in every controller in every bundle. Will this part of Symfony security do that for me:

- { path: ^/admin, roles: ROLE_ADMIN } # only ROLE_ADMIN will be able to see this
- { path: ^/user, roles: ROLE_USER } # only ROLE_USER will be able to see this
- { path: ^/company, roles: ROLE_COMPANY } # only ROLE_COMPANY will be able to see this

My questions are:

1) Is it possible to have ROLE_COMPANY (or any other custom role for that matter)?

2) Will access_control check the logged-in user's roles, and let's say if I am ROLE_ADMIN and trying to access some page that is for ROLE_USER, will Symfony handle that and say "this is not for admin, this is for user"?

3) If Symfony cannot handle this for me, is it possible to have some event listener on every page open/refresh that will check this for me?

I do not want to check in every controller who the logged-in user is. It is kind of stupid.

1 answer

  • douzi115522 2013-11-09 12:36
    Accepted
    1. Yes
    2. Yes (you can define a hierarchy too, so you can make ROLE_ADMIN able to access all of its child roles). For example, you can make ROLE_ADMIN able to access all ROLE_USER and ROLE_ADMIN protected routes, but let ROLE_USER only access its own routes. (Docs)
    3. You can still create a listener, but it will do it for you
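The setup discussed above, written out as a `security.yml` fragment. This is an added example, not part of the original question or answer; the file path follows the Symfony 2 standard layout, and leaving ROLE_COMPANY out of the admin's hierarchy is an assumption made here to show both outcomes.

```yaml
# app/config/security.yml (Symfony 2 layout; firewalls and user providers are
# assumed to be configured elsewhere in this file and are omitted here)
security:
    # Hierarchy as described in the answer: an admin also counts as a user.
    # ROLE_COMPANY is deliberately not inherited (assumption for this example),
    # so an authenticated admin is still denied (403) on /company.
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER

    # Rules are tested top to bottom and only the FIRST matching path applies,
    # so more specific patterns must be listed before broader ones.
    # URLs that match none of the rules are not restricted by access_control.
    # Custom role names such as ROLE_COMPANY need no declaration, but they must
    # start with ROLE_ to be handled by the default role voter.
    access_control:
        - { path: ^/admin,   roles: ROLE_ADMIN }    # ROLE_ADMIN only
        - { path: ^/user,    roles: ROLE_USER }     # ROLE_USER, plus ROLE_ADMIN via the hierarchy
        - { path: ^/company, roles: ROLE_COMPANY }  # ROLE_COMPANY only
```

Without the `role_hierarchy` entry, a user who holds only ROLE_ADMIN is denied on `/user`, because each rule is checked against the roles the user actually has.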
