curiosity26 / acl-helper-bundle
Allows querying directly for entities with ACLs implicitly applied
V1.2.12
2019-12-03 14:44 UTC
Requires
- php: ^7.1
- doctrine/doctrine-bundle: ^1.9
- doctrine/orm: ^2.6
- symfony/acl-bundle: ^1.0
- symfony/class-loader: ^3.4
- symfony/framework-bundle: ^4.1.12
Requires (Dev)
- ext-pdo_sqlite: ^7.2
- doctrine/data-fixtures: ^1.3
- ocramius/proxy-manager: ^2.2
- phpunit/phpunit: ^7.4
- symfony/phpunit-bridge: ^4.1
- theofidry/alice-data-fixtures: ^1.1
This package is auto-updated.
Last update: 2024-08-29 04:20:16 UTC
README
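This bundle was created to apply ACLs at the time entities are queried, avoiding iteration over the results after the query. This helps with pagination and with enforcing security when handling many records at once.
Queries do not apply to associations. It is recommended that you handle the queries for any deep associations that may need ACLs applied yourself.
Field-level security is also not considered at query time. Handling field-level security is up to you and your application.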
Example
In this example, let's assume we have an entity owned by user1. Users with the ROLE_ADMIN role can edit, delete and view it, while ROLE_USER users can only view it.
```php
<?php

namespace App\Controller;

use Curiosity26\AclHelperBundle\Helper\AclHelper;
use Curiosity26\AclHelperBundle\Tests\Entity\TestObject;
// FOSRestBundle imports needed by the base class, interface and annotation below
use FOS\RestBundle\Controller\Annotations as Rest;
use FOS\RestBundle\Controller\FOSRestController;
use FOS\RestBundle\Routing\ClassResourceInterface;
use Symfony\Component\Security\Acl\Permission\BasicPermissionMap;

class MyController extends FOSRestController implements ClassResourceInterface
{
    /**
     * @var AclHelper
     */
    private $aclHelper;

    public function __construct(AclHelper $aclHelper)
    {
        $this->aclHelper = $aclHelper;
    }

    /**
     * @Rest\View()
     * @return TestObject[]
     */
    public function cgetAction()
    {
        // Get all of the TestObjects this user can view
        $agent   = $this->aclHelper->createAgent(TestObject::class);
        $permMap = new BasicPermissionMap();
        $builder = $permMap->getMaskBuilder();

        // Combine every mask that grants VIEW into a single mask
        $masks = $permMap->getMasks('VIEW', null);
        foreach ($masks as $mask) {
            $builder->add($mask);
        }

        // The ACL check is applied as part of the query for the current user
        return $agent->findAll($builder->get(), $this->getUser());
    }
}
```
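ACL Manager
To make building ACLs easier, an ACL manager was created. It is basically a chaining wrapper that allows finding/creating ACLs and inserting, updating or deleting ACEs.
Example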
```php
<?php

namespace App\Controller;

use Curiosity26\AclHelperBundle\Helper\AclHelper;
use Curiosity26\AclHelperBundle\Tests\Entity\TestObject;
// FOSRestBundle imports needed by the base class and interface below
use FOS\RestBundle\Controller\FOSRestController;
use FOS\RestBundle\Routing\ClassResourceInterface;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Permission\MaskBuilder;

class MyController extends FOSRestController implements ClassResourceInterface
{
    /**
     * @var AclHelper
     */
    private $aclHelper;

    public function __construct(AclHelper $aclHelper)
    {
        $this->aclHelper = $aclHelper;
    }

    public function postAction(TestObject $object)
    {
        $manager = $this->getDoctrine()->getManager();
        $manager->persist($object);

        $aclManager = $this->aclHelper->createAclManager();

        // The current user needs to be the owner
        // The ROLE_ADMIN must have view, edit, delete permissions
        // ROLE_USER users should be able to view
        $aclManager->aclFor($object)
            ->insertObjectAce(UserSecurityIdentity::fromAccount($this->getUser()), MaskBuilder::MASK_OWNER)
            ->insertObjectAce(
                new RoleSecurityIdentity('ROLE_ADMIN'),
                MaskBuilder::MASK_VIEW | MaskBuilder::MASK_EDIT | MaskBuilder::MASK_DELETE
            )
            ->insertObjectAce(new RoleSecurityIdentity('ROLE_USER'), MaskBuilder::MASK_VIEW)
            ->save()
        ;

        return $this->view(null, 201);
    }
}
```
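The following is an added example, not code from the bundle. It shows why the combined mask built in cgetAction() selects the ACEs inserted in postAction(). The bit values and permission lists are copied from Symfony's MaskBuilder and BasicPermissionMap; the single bitwise-AND check in grantsCombined() is an assumption about how a query-side comparison could work, since the page does not show how findAll() compares masks.

```php
<?php
// Bit values of Symfony's MaskBuilder::MASK_* constants.
const MASK = [
    'VIEW' => 1, 'CREATE' => 2, 'EDIT' => 4, 'DELETE' => 8,
    'UNDELETE' => 16, 'OPERATOR' => 32, 'MASTER' => 64, 'OWNER' => 128,
];
// Masks BasicPermissionMap::getMasks() returns for each permission.
const PERMISSION_MAP = [
    'VIEW'   => ['VIEW', 'EDIT', 'OPERATOR', 'MASTER', 'OWNER'],
    'EDIT'   => ['EDIT', 'OPERATOR', 'MASTER', 'OWNER'],
    'DELETE' => ['DELETE', 'OPERATOR', 'MASTER', 'OWNER'],
];
// ACE masks matching the three insertObjectAce() calls (constructed sample data).
const ACES = ['owner' => 128, 'ROLE_ADMIN' => 1 | 4 | 8, 'ROLE_USER' => 1];

// Same result as looping $builder->add($mask) and calling $builder->get().
function combinedMask(string $permission): int
{
    $combined = 0;
    foreach (PERMISSION_MAP[$permission] as $name) {
        $combined |= MASK[$name];
    }
    return $combined;
}

// Symfony's default "all" strategy: one required mask must be fully set in the ACE.
function grantsPerMask(int $aceMask, string $permission): bool
{
    foreach (PERMISSION_MAP[$permission] as $name) {
        if (($aceMask & MASK[$name]) === MASK[$name]) {
            return true;
        }
    }
    return false;
}

// Assumed query-side check: a single AND against the combined mask.
function grantsCombined(int $aceMask, string $permission): bool
{
    return ($aceMask & combinedMask($permission)) !== 0;
}

foreach (ACES as $who => $aceMask) {
    foreach (array_keys(PERMISSION_MAP) as $perm) {
        $granted = grantsPerMask($aceMask, $perm);
        if ($granted !== grantsCombined($aceMask, $perm)) {
            throw new LogicException("Checks disagree for $who / $perm");
        }
        printf("%-10s %-6s combined=%3d %s\n", $who, $perm, combinedMask($perm), $granted ? 'granted' : 'denied');
    }
}
```

The two checks agree only because every mask in BasicPermissionMap is a single bit; a custom permission map with multi-bit masks would need the per-mask comparison.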