我想创建一个系统,我可以根据用户的角色检查权限 . 我正在使用Symfony ACL . 我已经在acl中授予了类权限,这是代码
public function addContractPermission()
{
$adminBuilder = new MaskBuilder();
$adminBuilder->add('view')
->add('edit')
->add('delete');
$adminMask = $adminBuilder->get();
$guestBuilder = new MaskBuilder();
$guestBuilder->add('view');
$guestMask = $guestBuilder->get();
$aclProvider = $this->get('security.acl.provider');
// Use class for object identity as below
$oid = new ObjectIdentity('agreement', 'Company\\Entity\\Agreement');
$acl = $aclProvider->createAcl($oid);
$securityAdminIdentity = new RoleSecurityIdentity("ROLE_ADMIN");
$securityGuestIdentity = new RoleSecurityIdentity("ROLE_GUEST");
// grant owner access to users with above role
$acl->insertClassAce($securityAdminIdentity, $adminMask);
$acl->insertClassAce($securityGuestIdentity, $guestMask);
$aclProvider->updateAcl($acl);
return $this->render('FintelBundle:Security:addcontractsecurity.html.twig', array(
'utente' => $this->getUser(),
'message' => 'Added ROLE_ADMIN mask('.$adminMask.') e ROLE_GUEST mask('.$guestMask.')'
));
}
当我列出我的“协议”时,我正在检查当前用户是否可以编辑,在我的twig文件中 .
{% block content %}
<h3>Agreements</h3>
<ol>
{% for agreement in agreements %}
<li>{{ agreement.description }} - Author: {{ agreement.user.username }} -
{% if(is_granted('EDIT', agreement)) %}Edit{% endif %}</li>
{% endfor %}
</ol>
{% endblock %}
在这种情况下,即使我的用户有ROLE_ADMIN,我也总是假的
如果我改变了树枝(is_granted不是检查对象而是字符串)
{% block content %}
<h3>Agreements</h3>
<ol>
{% for agreement in agreements %}
<li>{{ agreement.description }} - Author: {{ agreement.user.username }} -
{% if(is_granted('EDIT', 'agreement')) %}Edit{% endif %}</li>
{% endfor %}
</ol>
{% endblock %}
即使我的用户是一个简单的ROLE_GUEST,它也总是如此 .
我哪里错了?