全部设置
首先,我们创建了一个选民:
namespace BBIT\CoreBundle\Security\Authorization\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
class EventVoter implements VoterInterface
{
const VIEW = 'VIEW';
const EDIT = 'EDIT';
const DELETE = 'DELETE';
const CREATE = 'CREATE';
const LLIST = 'LIST';
public function supportsAttribute($attribute)
{
return in_array($attribute, array(
self::VIEW,
self::EDIT,
self::DELETE,
self::CREATE,
self::LLIST,
));
}
public function supportsClass($class)
{
$supportedClass = 'BBIT\CoreBundle\Entity\SomeEntity';
if (is_string($class)) {
if ($class === $supportedClass) {
return true;
} else {
return false;
}
}
return $supportedClass === get_class($class) || is_subclass_of(get_class($class), $supportedClass);
}
public function vote(TokenInterface $token, $entity, array $attributes)
{
$user = $token->getUser();
if (!is_object($user)) {
return VoterInterface::ACCESS_DENIED;
}
if (!$this->supportsClass($entity)) {
return VoterInterface::ACCESS_ABSTAIN;
}
$attribute = $attributes[0];
switch($attribute) {
case self::LLIST:
return VoterInterface::ACCESS_DENIED;
break;
case self::VIEW:
return VoterInterface::ACCESS_DENIED;
break;
case self::CREATE:
return VoterInterface::ACCESS_DENIED;
break;
case self::EDIT:
return VoterInterface::ACCESS_DENIED;
break;
case self::DELETE:
return VoterInterface::ACCESS_DENIED;
break;
}
return VoterInterface::ACCESS_DENIED;
}
}
这个选民与 symfony 文档中的默认选民略有不同,其另外的好处是能够接受一个对象或类名本身作为参数。
其次,我们将创建一个 VoterSecurityhandler,它从 sonata 的 RoleSecurityHandler 扩展并覆盖其中的一部分:
namespace BBIT\CoreBundle\Security\Handler;
use Sonata\AdminBundle\Admin\AdminInterface;
use Sonata\AdminBundle\Security\Handler\RoleSecurityHandler;
use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
class VoterSecurityHandler extends RoleSecurityHandler
{
/**
* {@inheritdoc}
*/
public function isGranted(AdminInterface $admin, $attributes, $object = null)
{
if (!is_array($attributes)) {
$attributes = array($attributes);
}
if ($object == $admin) {
$object = $admin->getClass();
}
foreach ($attributes as $pos => $attribute) {
$attributes[$pos] = $attribute;
}
try {
return $this->securityContext->isGranted($attributes, $object);
} catch (AuthenticationCredentialsNotFoundException $e) {
return false;
} catch (\Exception $e) {
throw $e;
}
}
/**
* {@inheritdoc}
*/
public function getBaseRole(AdminInterface $admin)
{
return '%s';
}
}
现在我们需要一个服务定义来将此处理程序定义为服务:
services:
...
sonata.admin.security.handler.voter:
class: BBIT\CoreBundle\Security\Handler\VoterSecurityHandler
arguments:
- @security.context
- [ROLE_SUPER_ADMIN]
现在我们可以告诉 sonata 使用我们的 VoterSecurityHandler:
sonata_admin:
...
security:
handler: sonata.admin.security.handler.voter
多数民众赞成在这一点上,奏鸣曲将考虑你的选民,你应该好好去。