【发布时间】:2016-12-30 09:57:48
【问题描述】:
我有带有注释* @Security("is_granted('PERM_MODULE_OUTBOUND_INVOICES_READ')") 的控制器,我在这个控制器中为某些操作编写测试,创建用户和登录,当这个操作的调用路由有错误时
Expression "is_granted('PERM_MODULE_OUTBOUND_INVOICES_READ')" denied access.
当给用户PERM_MODULE_OUTBOUND_INVOICES_READ添加角色时,访问仍然被拒绝
当评论 tgis 并在行动中检查当前用户被授予 true
/**
* @Route("/manage/new_outbound_invoices", name="new_outbound_invoices")
*/
public function outBoundInvoiceListsAction(Request $request)
{
$check = $this->get('security.authorization_checker')
->isGranted('PERM_MODULE_OUTBOUND_INVOICES_READ', $this->getUser());
但是由于安全注释访问被拒绝,为什么不明白 这是我的测试
$user = $this->user;
$this->logIn($user);
//$t = $this->getContainer()->get('security.context')->getToken(); try get token and have null, but in action have user from session
$this->client->setServerParameter('HTTP_HOST', 'erp.houseoptima.fi.local');
$crawler = $this->client->request('GET', '/economy/manage/new_outbound_invoices');
这个功能用于登录
public function logIn(User $user)
{
$session = $this->client->getContainer()->get('session');
$firewall = 'main';
$token = new UsernamePasswordToken($user, null, $firewall, $user->getRoles());
$session->set('_security_'.$firewall, serialize($token));
$session->save();
$cookie = new Cookie($session->getName(), $session->getId());
$this->client->getCookieJar()->set($cookie);
}
这种安全性有什么问题?带有注释错误 403 而没有 200 并且当签入操作被授予时,用户拥有 true
【问题讨论】: