Advanced/dynamic permissions on sfguard - symfony

Posted 2024-10-03 05:36:05 · 238 words · 3 views · 0 comments

I have a symfony project and would like to add a communities feature.

Everyone can open a community as an admin and invite people to join the community.

Admin has more permissions than a regular community user.

The thing is, I want to use Symfony's sfguarduser, sfguardgroup, sfguardpermission

  1. Does it make any sense to use the sfguard architecture for that purpose?
  2. How do I check if a specific user has a specific permission on a specific group?

Comments (2)

酒解孤独 2024-10-10 05:36:05

Hey, this will help you a little ;)

Inside the action:

    class myAccountActions extends sfActions
    {
      public function executeDoThingsWithCredentials()
      {
        $user = $this->getUser();

        // Check if the user has a credential
        echo $user->hasCredential('foo');                      // => true

        // Check if the user has both credentials
        echo $user->hasCredential(array('foo', 'bar'));        // => true

        // Check if the user has one of the credentials
        echo $user->hasCredential(array('foo', 'bar'), false); // => true

        // Remove a credential
        $user->removeCredential('foo');
        echo $user->hasCredential('foo');                      // => false

        // Remove all credentials (useful in the logout process)
        $user->clearCredentials();
        echo $user->hasCredential('bar');                      // => false
      }
    }

Inside the layer:

    <?php if ($sf_user->hasCredential('section3')): ?>
      ....
    <?php endif; ?>

You might consider using in addition:

    if ($user->hasGroup('SOME_GROUP')) {
      // ...
    }

Source: Symfony inside the layer

同展鸳鸯锦 2024-10-10 05:36:05

Does it make any sense to use the sfguard architecture for that purpose?

Absolutely, but you'll need to fix it up a little bit. By default, Symfony stores credentials on the session, which means that they won't get invalidated until your session expires. This is a big issue when you expect to see an immediate effect by adding someone to a group or granting them a permission.

To fix this, you'll want to do one of the following:

  • Load the credentials on every request, rather than on sign in.
  • When a user's credentials change, invalidate them either via a global cache setting in APC (you are using APC, right?) or a setting on the user's profile.

Either way, you're going to have to get familiar with Symfony and the sfGuardDoctrine user system. Take a look at sfGuardSecurityUser::signIn so you're familiar with how credentials work by default.

How do I check if a specific user has a specific permission on a specific group?

Tristan covered this pretty thoroughly. You'll also want to take a look at the sfDoctrineGuard readme. Note that for any solution in which credential changes happen live for signed-in users, you'll need to override most if not all of the methods listed by Tristan to perform some sort of invalidation.

Also, check out this related question, it may be helpful.
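
The second invalidation option described in the answer above (a stamp that changes whenever a user's credentials change), as an added example that is not part of the original answers or of sfGuard: a plain-PHP model in which `PermissionStore`, `SessionUser` and the `community_*` credential names are hypothetical stand-ins. The first check reads only the session copy and still grants the revoked credential; the second compares stamps first and denies it.

```php
<?php
// Constructed model, not sfGuard code. $db stands in for the permission tables,
// $versions for a shared cache entry (APC in the answer) or a profile column.
class PermissionStore {
    private $db = array();
    private $versions = array();

    public function set($userId, array $credentials) {
        $this->db[$userId] = $credentials;
        // Every change bumps the stamp so cached copies become detectably stale.
        $this->versions[$userId] = $this->version($userId) + 1;
    }
    public function get($userId) {
        return isset($this->db[$userId]) ? $this->db[$userId] : array();
    }
    public function version($userId) {
        return isset($this->versions[$userId]) ? $this->versions[$userId] : 0;
    }
}

class SessionUser {
    private $store;
    private $userId;
    private $session = array(); // stands in for the PHP session

    public function __construct(PermissionStore $store, $userId) {
        $this->store = $store;
        $this->userId = $userId;
        $this->reload(); // sign-in: copy credentials into the session once
    }
    private function reload() {
        $this->session['credentials'] = $this->store->get($this->userId);
        $this->session['version'] = $this->store->version($this->userId);
    }
    public function hasCredential($name, $checkVersion = true) {
        // One cheap version lookup per check; full reload only after a change.
        if ($checkVersion && $this->session['version'] !== $this->store->version($this->userId)) {
            $this->reload();
        }
        return in_array($name, $this->session['credentials'], true);
    }
}

$store = new PermissionStore();
$store->set(7, array('community_admin', 'community_member')); // constructed data
$user = new SessionUser($store, 7);         // user signs in as community admin
$store->set(7, array('community_member'));  // admin right revoked mid-session
var_dump($user->hasCredential('community_admin', false)); // session copy only
var_dump($user->hasCredential('community_admin'));        // with the version check
```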
