限制用户角色对产品状态的访问

Question

我有两个问题1，我想根据用户角色显示订单状态，例如如果

订单表我有 3 个状态“待处理”、“已接收”、“已取消”，数据类型为“枚举”。我有用户角色。在同一页面上，我使用 vichbundle 成功上传了一张图片，但我看不到它

“USER_ADMIN”和“USERS_PRODUCT” 例如，如果条件如下。

if(USER_ADMIN)
{
  SHOW pending and cenceled products
}elseif(USERS_PRODUT){
   SHOW Received 
}

ProductCrudeController

use App\Entity\Items;
use App\Entity\Users;
use App\Entity\Orders;
use App\Entity\Orderstatus;
use App\Entity\Shippingorder;
use App\Entity\Purchasedorder;
use App\Entity\Shippingcompany;
use EasyCorp\Bundle\EasyAdminBundle\Config\Crud;
use EasyCorp\Bundle\EasyAdminBundle\Config\Action;
use EasyCorp\Bundle\EasyAdminBundle\Field\IdField;
use EasyCorp\Bundle\EasyAdminBundle\Config\Actions;
use EasyCorp\Bundle\EasyAdminBundle\Config\Filters;
use EasyCorp\Bundle\EasyAdminBundle\Field\DateField;
use EasyCorp\Bundle\EasyAdminBundle\Field\AssociationField;
use EasyCorp\Bundle\EasyAdminBundle\Controller\AbstractCrudController;
use EasyCorp\Bundle\EasyAdminBundle\Field\TextField;
use Vich\UploaderBundle\Form\Type\VichFileType;


class PurchasedorderCrudController extends AbstractCrudController
{
    public static function getEntityFqcn(): string
    {
        return Purchasedorder::class;
    }

    
    public function configureFields(string $pageName): iterable
    {
        return [
            //IdField::new('id'),
            DateField::new('purchaseddate'),
            AssociationField::new('items'),

            //AssociationField::new('orders'),
            //AssociationField::new('orders.shippingorder')
           // AssociationField::new('Shippingcompany'),
            
           
        ];
    }
    

    public function configureActions(Actions $actions): Actions
{
    //return $actions->setPermission(Action::NEW, 'ROLE_ADMIN')
        //->setPermission(Action::DELETE, 'ROLE_SUPER_ADMIN')
    //;
    return $actions
        // ...
        ->add(Crud::PAGE_INDEX, Action::DETAIL);
        //$viewInvoice = Action::new('viewInvoice');
        $viewInvoice = Action::new('viewInvoice', 'Invoice', 'fa fa-file-invoice')
            ->linkToCrudAction('renderInvoice');
            return $actions
            // ...
            ->add(Crud::PAGE_DETAIL, $viewInvoice);
}

public function configureCrud(Crud $crud): Crud
{
    
    return $crud
        // ...
        ->showEntityActionsAsDropdown()
    ;
}

public function configureFilters(Filters $filters): Filters
{
    return $filters
        ->add('orders')
        
    ;
}

提前谢谢你

Answer 1

Restrict Access to Actions

使用setPermission() 方法定义查看操作链接/按钮所需的安全权限：

public function configureActions(Actions $actions): Actions
{
    $viewPending = Action::new('pending', 'View preding', 'fa fa-file-invoice')
        ->linkToCrudAction('renderPending');

    $viewRecieved = Action::new('recieved', 'View recieved', 'fa fa-file-invoice')
        ->linkToCrudAction('renderRecieved');
    ...

    return $actions
        // ...
        ->add(Crud::PAGE_DETAIL, $viewInvoice)
        // use the 'setPermission()' method to set the permission of actions
        // (the same permission is granted to the action on all pages)
        ->setPermission('pending', 'USER_ADMIN')

        // ...
        ->add(Crud::PAGE_DETAIL, $viewRecieved)
        // use the 'setPermission()' method to set the permission of actions
        // (the same permission is granted to the action on all pages)
        ->setPermission('recieved', 'USER_PRODUCT')
    ;
}