[Question title]: Symfony 4.4 Easyadmin: set permissions to access only my owned entities
[Posted]: 2020-08-20 00:18:56
[Question description]:

I have a Colleague entity that has a many-to-one relationship with the User entity. I only want to be able to access the colleagues attached to the authenticated user. This applies to all CRUD permissions: list, edit, update, delete.

I have tried many things, such as a DQL filter in easy_admin.yaml, but I cannot get the authenticated user's ID. I am a Symfony beginner, so I don't know how to do this, and I have to use Easyadmin. So it seems I can't use ColleagueController.php. Maybe together with ColleagueRepository.php? Currently everything is configured in easy_admin.yaml:

easy_admin:
   design:
      templates:
         label_null: 'null_value.html.twig'
   entities:
      Colleague:
         class: App\Entity\Colleague
         list:
            # dql_filter: "entity.user = 15"
            # dql_filter: "entity.user = '%env(AUTHENTICATED_USER)%'"
            # dql_filter: "entity.user = (SELECT id FROM user WHERE email = '%env(AUTHENTICATED_USER)%')"
            # dql_filter: "entity.user = (SELECT id FROM App\Entity\User WHERE email = 'aaa@gmail.com')"
            fields:
               - user
               - name
               - role
               - notes
               - { property: 'thumbnail', type: 'image', base_path: '%uploads_path%' }
            actions: ['show', 'edit', 'delete']
         form:
            fields:
               - user
               - name
               - role
               - notes
               - { property: 'thumbnailFile', type: 'vich_image' }
         show:
            fields:
               - user
               - name
               - role
               - notes
               - { property: 'thumbnail', type: 'image', base_path: '%uploads_path%' }

And my Entity\Colleague.php:

<?php
namespace App\Entity;

use App\Repository\ColleagueRepository;
use Doctrine\ORM\Mapping as ORM;
use Vich\UploaderBundle\Mapping\Annotation as Vich;
use Symfony\Component\HttpFoundation\File\File;

/**
 * @ORM\Entity(repositoryClass=ColleagueRepository::class)
 * @Vich\Uploadable
 */
class Colleague
{
    /**
     * @ORM\Id()
     * @ORM\GeneratedValue()
     * @ORM\Column(type="integer")
     */
    private $id;

    /**
     * @ORM\ManyToOne(targetEntity=User::class, inversedBy="colleagues")
     * @ORM\JoinColumn(nullable=false)
     */
    private $user;

    /**
     * @ORM\Column(type="string", length=255)
     */
    private $name;

    /**
     * @ORM\Column(type="string", length=255, nullable=true)
     */
    private $role;

    /**
     * @ORM\Column(type="text", nullable=true)
     */
    private $notes;

    /**
     * @ORM\Column(type="string", length=255, nullable=true, options={"default": 0})
     * 
     * @var string
     */
    private $thumbnail;

    /**
     * @Vich\UploadableField(mapping="colleague_thumbnails", fileNameProperty="thumbnail")
     * 
     * @var File
     */
    private $thumbnailFile;

    /**
     * @ORM\Column(type="datetime")
     * 
     * @var \DateTime
     */
    private $createdAt;
    
    /**
     * @ORM\Column(type="datetime")
     * 
     * @var \DateTime
     */
    private $updatedAt;

    public function __construct()
    {
        $this->setCreatedAt(new \DateTime());
        $this->setUpdatedAt(new \DateTime());
        // Entities are not services, so there is no container ($this->get()) here;
        // the current user has to be passed in from a controller or listener.
        // var_dump($this->get('security.token_storage')->getToken()->getUser());
        // die;
    }

    public function getId(): ?int
    {
        return $this->id;
    }

    public function getUser(): ?User
    {
        return $this->user;
    }

    public function setUser(?User $user): self
    {
        $this->user = $user;

        return $this;
    }

    public function getName(): ?string
    {
        return $this->name;
    }

    public function setName(string $name): self
    {
        $this->name = $name;

        return $this;
    }

    public function getRole(): ?string
    {
        return $this->role;
    }

    public function setRole(?string $role): self
    {
        $this->role = $role;

        return $this;
    }

    public function getNotes(): ?string
    {
        return $this->notes;
    }

    public function setNotes(?string $notes): self
    {
        $this->notes = $notes;

        return $this;
    }

    public function getCreatedAt(): ?\DateTimeInterface
    {
        return $this->createdAt;
    }

    public function setCreatedAt(\DateTimeInterface $createdAt): self
    {
        $this->createdAt = $createdAt;

        return $this;
    }

    public function getUpdatedAt(): ?\DateTimeInterface
    {
        return $this->updatedAt;
    }

    public function setUpdatedAt(\DateTimeInterface $updatedAt): self
    {
        $this->updatedAt = $updatedAt;

        return $this;
    }


    public function getThumbnail(): ?string
    {
        return $this->thumbnail;
    }

    public function setThumbnail(?string $thumbnail): self
    {
        $this->thumbnail = $thumbnail;

        return $this;
    }

    /**
     * @return File
     */
    public function getThumbnailFile()
    {
        return $this->thumbnailFile;
    }

    /**
     * @param File|\Symfony\Component\HttpFoundation\File\UploadedFile|null $thumbnail
     *
     * @return self
     */
    public function setThumbnailFile(File $thumbnail = null)
    {
        $this->thumbnailFile = $thumbnail;

        if ($thumbnail) {
            $this->updatedAt = new \DateTime('now');
        }

        return $this;
    }
}

Thanks in advance for your valuable help.

[Question discussion]:

Tags: php symfony authentication rights easyadmin


[Solution 1]:

This is the same answer as the one proposed on LinkedIn: easy admin advanced permissions. (The post's content is in French.) You can combine an event subscriber with a voter; just follow this example. Best regards.

[Discussion]:

    [Solution 2]:

    I managed to do Easyadmin-specific filtering this way:

    config/packages/easy_admin.yaml:

    easy_admin:
       entities:
          Colleague:
             class: App\Entity\Colleague
             controller: App\Controller\ColleagueController
    

    src/Controller/ColleagueController.php:

    <?php
    
    namespace App\Controller;
    
    use Symfony\Component\Routing\Annotation\Route;
    use EasyCorp\Bundle\EasyAdminBundle\Controller\EasyAdminController;
    use Symfony\Component\Security\Core\Exception\AccessDeniedException;
    
    class ColleagueController extends EasyAdminController
    {
        // Restricts the list view: every row must belong to the logged-in user.
        protected function createListQueryBuilder($entityClass, $sortDirection, $sortField = null, $dqlFilter = null)
        {
            $result = parent::createListQueryBuilder($entityClass, $sortDirection, $sortField, $dqlFilter);
    
            if (method_exists($entityClass, 'getUser')) {
                $result->andWhere('entity.user = :user');
                $result->setParameter('user', $this->getUser());
            }
    
            return $result;
        }
    
        // The search view builds its own query, so it gets the same restriction.
        protected function createSearchQueryBuilder($entityClass, $searchQuery, array $searchableFields, $sortField = null, $sortDirection = null, $dqlFilter = null)
        {
            $result = parent::createSearchQueryBuilder($entityClass, $searchQuery, $searchableFields, $sortField, $sortDirection, $dqlFilter);
    
            if (method_exists($entityClass, 'getUser')) {
                $result->andWhere('entity.user = :user');
                $result->setParameter('user', $this->getUser());
            }
    
            return $result;
        }
        
        // Filtering the list does not protect direct URLs (?action=edit&id=...),
        // so every action that takes an id checks ownership explicitly.
        protected function createEditForm($entity, array $entityProperties)
        {
            $result = parent::createEditForm($entity, $entityProperties);
    
            if ($entity->getUser() !== $this->getUser()) {
                throw new AccessDeniedException();
            }
            
            return $result;
        }
        
        protected function showAction()
        {
            // EasyAdmin loads the requested item into the 'easyadmin' request attribute.
            $easyadmin = $this->request->attributes->get('easyadmin');
            $entity = $easyadmin['item'];
    
            if ($entity->getUser() !== $this->getUser()) {
                throw new AccessDeniedException();
            }
    
            $result = parent::showAction();
            
            return $result;
        }
    
        protected function deleteAction()
        {
            $easyadmin = $this->request->attributes->get('easyadmin');
            $entity = $easyadmin['item'];
    
            if ($entity->getUser() !== $this->getUser()) {
                throw new AccessDeniedException();
            }
    
            $result = parent::deleteAction();
            
            return $result;
    
        }
        
        /**
         * Create a colleague: the owner is always the user who creates it,
         * whatever the submitted form contained.
         */
        protected function persistEntity($entity)
        {
            $entity->setUser($this->getUser());
            $result = parent::persistEntity($entity);
            
            return $result;
        }
    }
    

    [Discussion]:
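A voter that encodes the ownership rule, as an added example: this is not code from the question, from either answer, or from the EasyAdmin project. It takes up the voter approach mentioned in Solution 1 and plugs into the controller overrides shown in Solution 2. It assumes that App\Entity\User is a Doctrine entity exposing getId(), that ColleagueController extends EasyAdminController as above, and the Symfony 4.4 Voter base class; the attribute names COLLEAGUE_VIEW, COLLEAGUE_EDIT and COLLEAGUE_DELETE are my own.

```php
<?php
// src/Security/ColleagueVoter.php (added example; assumes App\Entity\User::getId() exists)
namespace App\Security;

use App\Entity\Colleague;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

/**
 * Grants VIEW / EDIT / DELETE on a Colleague only to the User it belongs to.
 *
 * Ownership is decided by comparing primary keys rather than object identity,
 * so the check still holds when the token's user and the entity's owner are
 * different PHP instances (for example a user refreshed from the session).
 */
final class ColleagueVoter extends Voter
{
    // Hypothetical attribute names, chosen for this example.
    public const VIEW = 'COLLEAGUE_VIEW';
    public const EDIT = 'COLLEAGUE_EDIT';
    public const DELETE = 'COLLEAGUE_DELETE';

    protected function supports($attribute, $subject): bool
    {
        // Only vote on our own attributes and only for Colleague objects;
        // everything else is left to other voters.
        return in_array($attribute, [self::VIEW, self::EDIT, self::DELETE], true)
            && $subject instanceof Colleague;
    }

    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();
        if (!$user instanceof User) {
            // Anonymous token or a non-entity user: deny.
            return false;
        }

        /** @var Colleague $subject */
        $owner = $subject->getUser();
        if (null === $owner || null === $owner->getId()) {
            // Orphaned or not-yet-persisted colleague: deny rather than guess.
            return false;
        }

        // Same rule for every attribute: only the owner may view, edit or delete.
        return $owner->getId() === $user->getId();
    }
}
```

In the controller from Solution 2, each `if ($entity->getUser() !== $this->getUser()) { throw new AccessDeniedException(); }` can then become `$this->denyAccessUnlessGranted(ColleagueVoter::EDIT, $entity);` (VIEW in showAction, DELETE in deleteAction). With `autoconfigure: true`, Symfony's default in services.yaml, the class is tagged as a voter automatically. The `andWhere` in createListQueryBuilder and createSearchQueryBuilder is still needed: a voter decides about one object at a time and does not filter query results.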
