我有一个注册表,允许管理员创建一个用户并为其分配一个定义明确的角色。创建后,如果我尝试与我拥有的角色连接,应用程序会向我显示资源访问错误
保密性.yaml
security:
encoders:
AppEntityUser:
algorithm: bcrypt
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
in_memory: { memory: ~ }
in_database:
entity:
class: AppEntityUser
property: name
role_hierarchy:
# Un admin hérite des droits d'utilisateur et de souscommission
ROLE_ADMIN: ROLE_SOUSCOMMISSION
# On garde ce rôle superadmin, il nous resservira par la suite
#ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: true
provider:
in_database
form_login:
login_path: security_login
check_path: security_login
logout:
path: security_logout
target: home
# activate different ways to authenticate
# http_basic: true
# https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
# form_login: true
# https://symfony.com/doc/current/security/form_login_setup.html
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/admin/traitement, roles: ROLE_SOUSCOMMISSION }
对我的婴儿床的操作在我的控制器中,我定义了他的行为
/**
* @Route("/inscription", name="security")
*/
public function inscription(Request $request, ObjectManager $manager, UserPasswordEncoderInterface $encoder)
{
$user= new User();
$form = $this->createForm(UserType::class, $user);
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
$hash = $encoder->encodePassword($user, $user->getPassword());
$user->setPassword($hash);
$manager->persist($user);
$manager->flush();
return $this->redirectToRoute('security_login');
}
return $this->render('security/inscrie.html.twig', [
'form' => $form->createView(),
]);
}
/**
* @Route("/login", name="security_login")
*/
public function login(AuthenticationUtils $authenticationUtils)
{
$error = $authenticationUtils->getLastAuthenticationError();
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render('security/login.html.twig', [
'last_username'=>$lastUsername,
'error' =>$error
]);
}
用户类型.php
<?php
namespace AppForm;
use AppEntityUser;
use SymfonyComponentFormAbstractType;
use SymfonyComponentFormFormBuilderInterface;
use SymfonyComponentOptionsResolverOptionsResolver;
use SymfonyComponentFormExtensionCoreTypeChoiceType;
use SymfonyComponentFormExtensionCoreTypePasswordType;
class UserType extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('email')
->add('name')
->add('password', PasswordType::class)
->add('password_confirme', PasswordType::class)
->add('roles', ChoiceType::class, [
'label' =>'Role',
'placeholder'=>'',
'multiple'=>true,
'choices' =>[
'Administrateur'=>'ROLE_ADMIN',
'Traiteur ' =>'ROLE_SOUSCOMMISSION',
],
])
;
}
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults([
'data_class' => User::class,
]);
}
}
用户.php
<?php
namespace AppEntity;
use DoctrineORMMapping as ORM;
use SymfonyComponentValidatorConstraintsEqualTo;
use SymfonyComponentValidatorConstraints as Assert;
use SymfonyComponentSecurityCoreUserUserInterface;
/**
* @ORMEntity(repositoryClass="AppRepositoryUserRepository")
*/
class User implements UserInterface
{
/**
* @ORMId()
* @ORMGeneratedValue()
* @ORMColumn(type="integer")
*/
private $id;
/**
* @ORMColumn(type="string", length=255)
*/
private $name;
/**
* @ORMColumn(type="string", length=255)
* @AssertEqualTo(propertyPath= "password_confirme")
*/
private $password;
/**
* @AssertEqualTo(propertyPath= "password", message="Vous n'avez pas taper le meme mot de passe")
*/
public $password_confirme;
/**
* @ORMColumn(type="string", length=255)
*/
private $email;
/**
* @ORMColumn(type="array", nullable=true)
*/
private $roles = [];
public function getId(): ?int
{
return $this->id;
}
public function getName(): ?string
{
return $this->name;
}
public function setName(string $name): self
{
$this->name = $name;
return $this;
}
public function getPassword(): ?string
{
return $this->password;
}
public function setPassword(string $password): self
{
$this->password = $password;
return $this;
}
public function getEmail(): ?string
{
return $this->email;
}
public function setEmail(string $email): self
{
$this->email = $email;
return $this;
}
public function getUserName(){}
public function eraseCredentials(){}
public function getSalt(){}
public function getRoles(){
return $this->roles;
}
public function setRoles(?array $roles): self
{
$this->roles = $roles;
return $this;
}
}
当我尝试连接角色时,ROLE_SOUCOMMISSION我有一个类型错误访问被拒绝。 请帮忙!!
这是因为/admin/traitement在/admin下,所以不可能转到此页面,因为您需要角色ROLE_ADMIN才能转到/admin及之后。您需要反转它们或使用角色ROLE_SOUSCOMMISSION设置/admin
只需更改 security.yaml 中访问控制的位置即可将用户的访问权限添加到具有ROLE_SOUSCOMMISSION,因为:
Symfony从列表的顶部开始,并在找到第一个匹配项时停止。
文档 : access_control
access_control:
- { path: ^/admin/traitement, roles: ROLE_SOUSCOMMISSION }
- { path: ^/admin, roles: ROLE_ADMIN }
谢谢