douci2022 2014-12-09 17:56
25 views
Accepted

Catch the user's group in the login flow and, if it belongs to a certain group, remove its access to the frontend

I have an application with frontend and backend sides. Both share the same FOSUserBundle users table. The logic behind the application I'm working on doesn't allow an "admin" (ROLE_ADMIN or group ADMIN) to be logged in at the frontend, so I need to catch in the login flow whether the user belongs to group ADMIN or has ROLE_SUPERADMIN or ROLE_ADMIN credentials. I think this could be done in some way in the security flow of Symfony2 itself, but how? What do I need to do to catch that and, if the user belongs, redirect to the login form (from FOSUserBundle), or otherwise allow them into the frontend? Any help? Some code? Examples?

security.yml file content:

Regarding the answer, this is how my security.yml file is configured:

role_hierarchy:
    ROLE_USER: ROLE_USER
    ROLE_ADMIN: ROLE_ADMIN

access_control:
    # Anonymous area
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/registro, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/cedula, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/rif, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/correo, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/usuario, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/razon_social, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/registro_mercantil, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/padre, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/correo_alternativo, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/paises, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/estados, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/ciudades, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/municipios, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/parroquias, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/empresas, role: IS_AUTHENTICATED_ANONYMOUSLY }

    # Secured area
    - { path: ^/, role: ROLE_USER }
    - { path: ^/admin, role: ROLE_ADMIN }

But users with ROLE_ADMIN can still log in at the frontend (/) and they shouldn't, right? What's wrong then?


1 answer

  • dousuowu4610 2014-12-09 18:43

    You must know the role hierarchy in your security.yml file.

    You don't need to extend the default functionality of FOSUserBundle or Symfony Security to achieve that.

    For example:

    role_hierarchy:
        ROLE_USER: ROLE_USER
        ROLE_CONTENT_MANAGER: ROLE_USER
        ROLE_ADMIN: [ROLE_CONTENT_MANAGER]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    

    So, the super admin can go anywhere all other groups are allowed. Admin has the rights of content manager. Content manager has the rights of user.

    Check your access control in your security.yml file.

    access_control:
        - { path: ^/private_directory$, roles: MUST_BE_RIGHT_TO_SEE_HERE }
    

    So, only the role MUST_BE_RIGHT_TO_SEE_HERE can see private_directory. Any other role cannot.

    This answer was chosen by the asker as the best answer.
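The accepted answer covers role_hierarchy and access_control, but neither can express "deny this role on the frontend": access_control only grants, and it stops at the first matching rule, so in the posted security.yml the `^/` rule (ROLE_USER) shadows the later `^/admin` rule (ROLE_ADMIN) and any ROLE_USER holder can reach /admin; the `^/admin` line has to come before `^/`. What the question actually asks for, catching an admin in the login flow and sending them back to the FOSUserBundle login form, is done below with an event subscriber on SecurityEvents::INTERACTIVE_LOGIN. This is an added example, not code from the question, the answer, FOSUserBundle or Symfony. It assumes Symfony 2.3-2.7 form login, a FOSUserBundle user model (hasRole()/hasGroup()), that the frontend firewall is named "frontend" in security.yml, and invented namespace and class names; it relies on the form-login listener catching an AuthenticationException thrown during INTERACTIVE_LOGIN (token cleared, no remember-me cookie issued, failure handler redirects to the login form with the error).

```php
<?php
// Added example; not code from the question, the answer, FOSUserBundle or Symfony.
// Assumptions: Symfony 2.3-2.7 form login, a FOSUserBundle user model, a frontend
// firewall called "frontend" in security.yml, invented namespace/class names.
// An AuthenticationException thrown while SecurityEvents::INTERACTIVE_LOGIN is
// dispatched is caught by the form-login listener: the token is cleared, no
// remember-me cookie is written, and the failure handler redirects to /login.
namespace Acme\FrontendBundle\EventListener;

use FOS\UserBundle\Model\GroupableInterface;
use FOS\UserBundle\Model\UserInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
use Symfony\Component\Security\Http\SecurityEvents;

/**
 * Thrown when an admin account logs in through the frontend firewall.
 * FOSUserBundle's login template renders getMessageKey() as the error text.
 */
class AdminOnFrontendException extends AuthenticationException
{
    public function getMessageKey()
    {
        return 'Administrator accounts cannot log in on the frontend.';
    }
}

class FrontendLoginSubscriber implements EventSubscriberInterface
{
    // FOSUserBundle's hasRole() does not expand role_hierarchy, so every admin
    // role is listed explicitly instead of relying on ROLE_SUPER_ADMIN => ROLE_ADMIN.
    private static $blockedRoles = array('ROLE_ADMIN', 'ROLE_SUPER_ADMIN');

    // FOSUserBundle group whose members are treated as admins as well.
    private static $blockedGroup = 'ADMIN';

    // Firewall name (the key under security.firewalls) that serves the frontend.
    private $frontendFirewall;

    public function __construct($frontendFirewall = 'frontend')
    {
        $this->frontendFirewall = $frontendFirewall;
    }

    public static function getSubscribedEvents()
    {
        return array(SecurityEvents::INTERACTIVE_LOGIN => 'onInteractiveLogin');
    }

    /** True if the user holds any blocked role or belongs to the blocked group. */
    public static function isAdmin(UserInterface $user)
    {
        foreach (self::$blockedRoles as $role) {
            if ($user->hasRole($role)) {
                return true;
            }
        }

        return $user instanceof GroupableInterface && $user->hasGroup(self::$blockedGroup);
    }

    public function onInteractiveLogin(InteractiveLoginEvent $event)
    {
        $token = $event->getAuthenticationToken();

        // Only form logins on the frontend firewall are restricted; the backend
        // firewall and non-form tokens (remember-me, pre-authenticated) pass through.
        if (!$token instanceof UsernamePasswordToken
            || $token->getProviderKey() !== $this->frontendFirewall) {
            return;
        }

        $user = $token->getUser();
        if ($user instanceof UserInterface && self::isAdmin($user)) {
            // Caught by the form-login listener: token cleared, redirect to the login form.
            throw new AdminOnFrontendException();
        }
    }
}
```

Register it in services.yml with a `kernel.event_subscriber` tag, for example `acme.frontend_login_subscriber: { class: Acme\FrontendBundle\EventListener\FrontendLoginSubscriber, arguments: ["frontend"], tags: [{ name: kernel.event_subscriber }] }` (service id and bundle name are assumptions). The subscriber only fires on an interactive login, so a session that is already authenticated or one restored from a remember-me cookie is not checked; to close that gap on Symfony 2.4 or later, replace the frontend `^/` rule with an expression such as `- { path: ^/, allow_if: "has_role('ROLE_USER') and not has_role('ROLE_ADMIN')" }`, listing ROLE_SUPER_ADMIN there too unless role_hierarchy maps it onto ROLE_ADMIN.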
