I'm building a web application using Symfony2. I've been implementing the ACL modules and it worked perfectly, but stumbled on an issue when trying to make a pannel to manage rights.
我正在使用Symfony2构建一个Web应用程序。我一直在实施ACL模块,它工作得很好,但在尝试制作一个管理权限的pannel时偶然发现了一个问题。
So I got as user which can create a project and add "participants" on his project. The participants can have three different access type which are masks from the mask builder MASK_VIEW, MASK_EDIT, MASK_OPERATOR. Using the ProblematicAclManagerBundle we can easily add access to these using doing this :
所以我得到了用户,可以创建一个项目并在他的项目中添加“参与者”。参与者可以有三种不同的访问类型,它们是掩码构建器MASK_VIEW,MASK_EDIT,MASK_OPERATOR中的掩码。使用ProblematicAclManagerBundle,我们可以使用以下方法轻松添加对这些的访问:
$this->aclManager->addObjectPermission($project, $mask, $user);
The thing is that when you want to edit the project, you have to be able to list the users with their current access rights. The function isGranted can get you the users right for the current logged in user, but not for other users. Compared to the addXXXX functions where there are three arguments, the isGranted only have two, the secured object and the mask. Thus you cannot find the right for another user with this function.
问题是,当您想要编辑项目时,您必须能够列出具有当前访问权限的用户。函数isGranted可以为用户提供当前登录用户的权限,但不能为其他用户提供。与有三个参数的addXXXX函数相比,isGranted只有两个,即安全对象和掩码。因此,您无法找到具有此功能的其他用户的权限。
Is there some sort of way to get the rights of other user built-in? Or do I have to build my own SQL queries to extract the data from the acl tables?
是否有某种方法可以获得其他用户内置的权限?或者我是否必须构建自己的SQL查询以从acl表中提取数据?
3 个解决方案
#1
1
Maybe you can try to put another token in the security context, linked to another user:
也许您可以尝试将另一个令牌放在安全上下文中,链接到另一个用户:
$securityContext->setToken(new Token($user2));
$securityContext->isGranted('test', $object);
#2
1
Here is what I have right now... I made a raw sql query with nested selects.
这就是我现在所拥有的...我使用嵌套选择进行了原始的SQL查询。
//...
$objectClass = get_class($object);
$objectId = $object->getId();
$userSecurityIdentity = get_class($user) . '-' . $user->getUsername();
$sql = "SELECT `mask` FROM `acl_entries`" .
"WHERE `object_identity_id` in (" .
"SELECT `id` FROM `acl_object_identities` " .
"WHERE `object_identifier` = :objectId AND `class_id` in (" .
"SELECT `id` FROM `acl_classes` WHERE `class_type` = :objectClass" .
")" .
")" .
"AND `security_identity_id` in (" .
"SELECT `id` FROM `acl_security_identities`" .
"WHERE `identifier` = :userSecurityIdentity" .
");";
$query = $this->entityManager->getConnection()->executeQuery($sql, array(
'objectId' => $objectId,
'objectClass' => $objectClass,
'userSecurityIdentity' => $userSecurityIdentity)
);
$data = $query->fetch();
$mask = $data['mask'];
// ...
This solutions works, but is not the best one to me since you actually query directly the table instead of using the ACL module, I'll update if I find something else.
这个解决方案有效,但对我来说不是最好的解决方案,因为你实际上直接查询表而不是使用ACL模块,如果我发现其他东西,我会更新。
#3
0
well the Symfony\Component\Security\Acl\Model\AclInterface provides this method:
以及Symfony \ Component \ Security \ Acl \ Model \ AclInterface提供了这种方法:
/**
* Determines whether access is granted
*
* @throws NoAceFoundException when no ACE was applicable for this request
* @param array $masks
* @param array $securityIdentities
* @param Boolean $administrativeMode
* @return Boolean
*/
public function isGranted(array $masks, array $securityIdentities, $administrativeMode = false);
#1
1
Maybe you can try to put another token in the security context, linked to another user:
也许您可以尝试将另一个令牌放在安全上下文中,链接到另一个用户:
$securityContext->setToken(new Token($user2));
$securityContext->isGranted('test', $object);
#2
1
Here is what I have right now... I made a raw sql query with nested selects.
这就是我现在所拥有的...我使用嵌套选择进行了原始的SQL查询。
//...
$objectClass = get_class($object);
$objectId = $object->getId();
$userSecurityIdentity = get_class($user) . '-' . $user->getUsername();
$sql = "SELECT `mask` FROM `acl_entries`" .
"WHERE `object_identity_id` in (" .
"SELECT `id` FROM `acl_object_identities` " .
"WHERE `object_identifier` = :objectId AND `class_id` in (" .
"SELECT `id` FROM `acl_classes` WHERE `class_type` = :objectClass" .
")" .
")" .
"AND `security_identity_id` in (" .
"SELECT `id` FROM `acl_security_identities`" .
"WHERE `identifier` = :userSecurityIdentity" .
");";
$query = $this->entityManager->getConnection()->executeQuery($sql, array(
'objectId' => $objectId,
'objectClass' => $objectClass,
'userSecurityIdentity' => $userSecurityIdentity)
);
$data = $query->fetch();
$mask = $data['mask'];
// ...
This solutions works, but is not the best one to me since you actually query directly the table instead of using the ACL module, I'll update if I find something else.
这个解决方案有效,但对我来说不是最好的解决方案,因为你实际上直接查询表而不是使用ACL模块,如果我发现其他东西,我会更新。
#3
0
well the Symfony\Component\Security\Acl\Model\AclInterface provides this method:
以及Symfony \ Component \ Security \ Acl \ Model \ AclInterface提供了这种方法:
/**
* Determines whether access is granted
*
* @throws NoAceFoundException when no ACE was applicable for this request
* @param array $masks
* @param array $securityIdentities
* @param Boolean $administrativeMode
* @return Boolean
*/
public function isGranted(array $masks, array $securityIdentities, $administrativeMode = false);