我正在通过配置字段集使用工厂和指定的表单结构创建一个表单。
但是,具有">admin"角色的用户可以编辑包含实体所有字段的表单,而普通用户">client"仅编辑几个字段。这就是为什么我必须从控制器的字段集中删除元素。
$this->form->getBaseFieldset()->remove('name');
$this->form->getBaseFieldset()->remove('title');
$this->form->getBaseFieldset()->remove('message');`
是否可以在字段集或表单配置中指定必须添加或删除的角色元素?
class ZoneDefaultElement extends Fieldset implements InputFilterProviderInterface
{
public function __construct($name, $entity)
{
parent::__construct($name);
$this->add([
'name' => 'title',
'type' => ElementText::class,
'attributes' => [
'class' => 'form-control',
],
'options' => [
'label' => 'Title',
'label_attributes' => [
'class' => 'col-sm-2 control-label required',
],
],
], ['priority' => 1])
};
}
构造
函数的第二个参数可以是任何参数(实际上,如果没有给出,它Fieldset它是一个空的array(,所以你应该能够只传入一个项目数组来使用:
class ZoneDefaultElement extends Fieldset implements InputFilterProviderInterface
{
public function __construct($name, $options)
{
parent::__construct($name);
$entity = $options['entity'];
$user = $options['user'];
// Standard element
$this->add([
'name' => 'title',
'type' => ElementText::class,
'attributes' => [
'class' => 'form-control',
],
'options' => [
'label' => 'Title',
'label_attributes' => [
'class' => 'col-sm-2 control-label required',
],
],
], ['priority' => 1]);
if ($user->isAdmin()) {
// Add "admin-only" elements
}
};
}
上面提供的解决方案还可以。如果系统不是很大并且形式包含的元素很少,则可以维护它。由于票价和系统有点复杂,我决定提供更多的OOP解决方案。
class ZoneDefaultElement extends Fieldset implements InputFilterProviderInterface
{
public function __construct($name, $entity)
{
parent::__construct($name);
$this->add([
'name' => 'title',
'options' => [
'label' => 'Title',
],
], ['priority' => 1, 'access' => ['allow' => ['admin'])
}
};
拒绝配置将是这样的:
$this->add([
'name' => 'message',
'options' => [
'label' => 'Message',
],
], ['priority' => 1, 'access' => ['deny' => ['guest'])
和自定义字段集之间又添加了一层:
class ExtendedFieldset extends Fieldset
{
public $formMiddleware;
public function __construct($name = null, $options = array())
{
parent::__construct($name);
}
public function add($elementOrFieldset, array $flags = [])
{
if (array_key_exists('access', $flags)) {
if(!$this->getFormMiddleware()->filter($flags['access'])){
return false;
};
}
parent::add($elementOrFieldset, $flags);
}
public function setFormMiddleware(FormMiddleware $formMiddleware)
{
$this->formMiddleware = $formMiddleware;
}
public function getFormMiddleware()
{
if (!$this->formMiddleware) {
throw new InvalidArgumentException("FormMiddleware not specified");
}
return $this->formMiddleware;
}
}
现在我们必须从这个扩展的Fiedset女巫覆盖父add((方法扩展,并为实现过滤器逻辑的中间件提供setter和getter。
class UserFieldset extends ExtendedFieldset implements InputFilterProviderInterface
{
private $entityManager;
public function __construct(EntityManager $entity, FormMiddleware $formMiddleware)
{
$this->setFormMiddleware($formMiddleware);
parent::__construct('fieldset');
$this->add([
'name' => 'email',
'type' => ElementEmail::class,
'attributes' => [
'class' => 'form-control',
'required' => 'required',
],
'options' => [
'label' => 'Email:',
'label_attributes' => [
'class' => 'col-sm-4 control-label required',
],
],
], ['priority' => 1, ['access' => ['deny' => ['guest']]]]);
}
}
最后是表单中间件:
class FormMiddleware
{
private $authenticationService;
public function __construct(AuthenticationServiceInterface $service)
{
$this->authenticationService = $service;
}
private function getUserRole() : string
{
$this->getIdentity()->getRole();
}
public function getIdentity()
{
$identity = $this->authenticationService->getIdentity();
return $identity;
}
public function filter(array $resource = [])
{
$marker = true;
if(!empty($resource)){
if(array_key_exists('deny', $resource)){
if(in_array($this->getUserRole(), $resource['deny'])){
$marker = false;
}else{
$marker = true;
}
}
if(array_key_exists('allow', $resource)) {
if(in_array($this->getUserRole(), $resource['allow'])){
$marker = true;
}else{
$marker = false;
}
}
}
return $marker;
}
}
这取决于项目结构,我希望一个想法是清楚的......