I have followed several examples from symfony, api-platform and a few stackoverflow examples, to no avail. I don't know whether I'm doing something wrong or I just don't understand the concept of voters and roles. When I try to access the endpoint it throws "Only user with permission can view dashboard."
In services.yaml:

```yaml
app.user_permission:
    class: App\Security\SecurityVoter
    arguments: ['@security.access.decision_manager']
    tags:
        - { name: security.voter }
```
I created a custom voter to use. I made a few changes here and stripped out a few things to follow the example I saw in a StackOverflow Example:
```php
<?php

namespace App\Security;

use App\Entity\Product;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;

class SecurityVoter extends Voter
{
    private $decisionManager;

    const VIEW = 'view';
    const EDIT = 'edit';

    public function __construct(AccessDecisionManagerInterface $decisionManager)
    {
        $this->decisionManager = $decisionManager;
    }

    protected function supports($attribute, $subject): bool
    {
        // if the attribute isn't one we support, return false
        if (!in_array($attribute, [self::VIEW, self::EDIT])) {
            return false;
        }

        return true;
    }

    /**
     * @param string         $attribute
     * @param TokenInterface $token
     * @return bool
     */
    protected function voteOnAttribute($attribute, $object, TokenInterface $token): bool
    {
        $user = $token->getUser();
        if (!$user instanceof UserInterface) {
            // the user must be logged in; if not, deny access
            return false;
        }

        // check ROLE_USER
        if ($this->security->isGranted('ROLE_USER')) {
            return true;
        }

        switch ($attribute) {
            case self::VIEW:
                if ($this->decisionManager->decide($token, ['ROLE_USER'])) {
                    return true;
                }
                break;
            case self::EDIT:
                if ($this->decisionManager->decide($token, ['ROLE_USER'])) {
                    return true;
                }
                break;
        }

        throw new \LogicException('This code should not be reached!');
    }
}
```
In my entity I defined it like this:

```php
#[ApiResource(
    attributes: ["security" => "is_granted('ROLE_USER')"],
    collectionOperations: [
        "get",
        "post" => [
            "security_post_denormalize" => "is_granted('ROLE_USER)",
            "security_message" => "Only user with permission can create a dashboard.",
        ],
    ],
    itemOperations: [
        "get" => ["security" => "is_granted('VIEW') ", "security_message" => "Only user with permission can view dashboard."],
        "put" => ["security" => "is_granted('EDIT')", "security_message" => "Only user with permission can edit dashboard."],
    ],
)]
```
I'm currently on Symfony 5.4.7 and I tried the sample code. Nothing seems to work. I had to use dd() and dump(), and nothing is printed in the console or the profiler. I have also used LoggerInterface (maybe I'm not doing it right), but I don't see any output in var.
Reply from a uj5u.com community member:

You are closer than you think. You don't need to use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface. You can use the Security class as follows:
```php
<?php

namespace App\Security;

use App\Entity\Product;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;

class SecurityVoter extends Voter
{
    private $security;

    // must match the strings used in the ApiResource expressions,
    // e.g. is_granted('VIEW', object); the comparison is case-sensitive
    const VIEW = 'VIEW';
    const EDIT = 'EDIT';

    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    protected function supports($attribute, $subject): bool
    {
        // if the attribute isn't one we support, return false
        $supportsAttribute = in_array($attribute, [self::VIEW, self::EDIT], true);
        // only vote on Product instances; for any other subject this voter abstains
        $supportsSubject = $subject instanceof Product;

        return $supportsAttribute && $supportsSubject;
    }

    /**
     * @param string         $attribute
     * @param Product        $subject
     * @param TokenInterface $token
     * @return bool
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();
        if (!$user instanceof UserInterface) {
            // the user must be logged in; if not, deny access
            return false;
        }

        // debugging only: dd($user) dumps the user and stops the request
        // dd($user);

        // check ROLE_USER
        if ($this->security->isGranted('ROLE_USER')) {
            return true;
        }

        switch ($attribute) {
            case self::VIEW:
                if ($this->security->isGranted('ROLE_USER')) {
                    return true;
                }
                break;
            case self::EDIT:
                if ($this->security->isGranted('ROLE_USER')) {
                    return true;
                }
                break;
        }

        throw new \LogicException('This code should not be reached!');
    }
}
```
Also, you don't need to configure a service for this.

To inject the voter into the security layer, you must declare it as a service and tag it with security.voter. However, if you use the default services.yaml configuration, this is done automatically for you!

In your entity:
```php
use ApiPlatform\Core\Annotation\ApiResource;

#[ApiResource(
    attributes: ["security" => "is_granted('ROLE_USER')"],
    collectionOperations: [
        "get",
        "post" => [
            "security_post_denormalize" => "is_granted('ROLE_USER')",
            "security_message" => "Only user with permission can create a dashboard.",
        ],
    ],
    itemOperations: [
        // pass the object so the voter's supports() sees a Product subject
        "get" => ["security" => "is_granted('VIEW', object)"],
        "put" => ["security" => "is_granted('EDIT', object)", "security_message" => "Only user with permission can edit dashboard."],
    ],
)]
class Product
{
    // ...
}
```
You can also read this for reference - API Platform

Note: you can use dd() - e.g. dd($user);
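As an added example (not code from the question or the answer above), here is what the same voter looks like once the EDIT decision really depends on the subject, which is the point of passing `object` into `is_granted()`; it assumes a hypothetical `getOwner()` accessor on `App\Entity\Product`, everything else is Symfony 5.4 API.

```php
<?php
// Added example (not code from the question or the answer): a voter whose EDIT
// decision depends on the subject. Assumes App\Entity\Product has a hypothetical
// getOwner(): ?UserInterface accessor; everything else is Symfony 5.4 API.
namespace App\Security;

use App\Entity\Product;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;

final class ProductVoter extends Voter
{
    // Must match the strings in the ApiResource expressions:
    // is_granted('VIEW', object) and is_granted('EDIT', object).
    public const VIEW = 'VIEW';
    public const EDIT = 'EDIT';
    public function __construct(private Security $security) {}

    protected function supports($attribute, $subject): bool
    {
        // Abstain unless it is our attribute on a Product; abstaining is not a grant,
        // so is_granted('EDIT') without the object ends up denied, not allowed.
        return in_array($attribute, [self::VIEW, self::EDIT], true)
            && $subject instanceof Product;
    }

    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();
        if (!$user instanceof UserInterface) {
            return false; // anonymous requests are always denied
        }
        if ($this->security->isGranted('ROLE_ADMIN')) {
            return true; // administrators may view and edit any product
        }
        /** @var Product $subject */
        switch ($attribute) {
            case self::VIEW:
                return $this->security->isGranted('ROLE_USER'); // any user may read
            case self::EDIT:
                // only the owner may modify; compare identifiers, not object identity
                $owner = $subject->getOwner(); // hypothetical accessor
                return $owner instanceof UserInterface
                    && $owner->getUserIdentifier() === $user->getUserIdentifier();
        }
        return false; // unreachable: supports() already filtered the attribute
    }
}
```

Keep the attribute strings and the `object` argument consistent on both sides: a `put` operation declared as `is_granted('EDIT')` never reaches this voter, because `supports()` sees a null subject and the voter abstains.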
Please credit the source when reposting; original link: https://www.uj5u.com/qiye/456395.html
