发表新帖
发表新帖

How can I check other users or role permissions in the template? symfony2

后端 未结
关注
2 660
星月不相逢
星月不相逢 2021-02-02 03:04

I\'m building this user manager, where admins can change permission of a group or user. I don\'t want to use the FOS user bundle, because I want to customize alot.

I fou

相关标签:
2条回答
  • 面向向阳花
    2021-02-02 03:25

    I finally found a way to do this, its probably not the most efficient way of doing this but it works and is the only way I know of doing this, as no-one knows how to achieve this till now.

    First I have a default user for every group, who cannot log in( a dummy user with the default permissions for the group ) - I get the Security ID for the default user:

    $defaultUser = $this->getDoctrine()
    ->getRepository('TdfUserBundle:User')
    ->findOneByUsername('-default-'.$group->getCode());

$sid = UserSecurityIdentity::fromAccount($defaultUser);

    I create an array of permisisons to check for and set some empty arrays, and load the problematic.acl_manager

    $permissionsToCheck = array('VIEW', 'EDIT', 'CREATE', 'DELETE', 'OPERATOR', 'MASTER', 'OWNER');
$aclManager = $this->get('problematic.acl_manager');

    Then I loop through the objects that I want to check the permission for, and check the permissions I set before in the $permissionsToCheck var. I check the permissions for the default user. The result is put in a array that I send to the template.

    foreach($forumCategories as $forumCategory) :
    $permissionArray[] = $this->checkPermissions($sid, $forumCategory, $permissionsToCheck, '');
endforeach;

    The checkPermissions function returns an array of the permissions and some stuff I need from the Object given.

    private function checkPermissions($sid, $object, $permissionsToCheck, $type) 
{
    $aclProvider = $this->get('security.acl.provider');
    $oid = ObjectIdentity::fromDomainObject($object);
    try {
        $acl = $aclProvider->createAcl($oid);
    }catch(\Exception $e) {
        $acl = $aclProvider->findAcl($oid);
    }
    $aclProvider->updateAcl($acl);
    foreach ($permissionsToCheck as $permissionCode):
        $permissionVar = 'can'.$permissionCode;
        $builder = new MaskBuilder();
        $builder->add($permissionCode);
        $mask = $builder->get();
        try {
            $$permissionVar = $acl->isGranted(array($mask),array($sid));
        } catch(\Exception $e) {
            $$permissionVar = false;
        }
        $tempPermissionsArray[$permissionCode] = $$permissionVar;
    endforeach;

    $returnArray = array('id' => $object->getId(),'title' => $object->getTitle(),'slug' => $object->getSlug(),'type' => $type, 'permissions' => $tempPermissionsArray);
    return $returnArray;

}

    After the POST of the form I check what Object has its permissions changed, If so I loop through all users in the group. For each user,revoke permissions,then get all the groups( default user for the group ). check per group(default user) permission, check what permissions to activate and give the user the correct permissions.

    Here I set all permissions to false and then loop through all roles/groups(default users) and see if the permission should be set.

     foreach($array['permissions'] as $permissionCode => $test ):
        $$permissionCode = false;
    endforeach;

    foreach($user->getRoles() as $role):
        $role   = str_replace('ROLE_', '', $role);

        $defaultUser = $this->getDoctrine()
            ->getRepository('TdfUserBundle:User')
            ->findOneByUsername('-default-'.$role);
        $sid = UserSecurityIdentity::fromAccount($defaultUser);


        // See all permissions
        foreach($array['permissions'] as $permissionCode => $test ):
            $builder = new MaskBuilder();
            $builder->add($permissionCode);
            $mask = $builder->get();
            try {
                $isGranted = $acl->isGranted(array($mask),array($sid));
                if($isGranted):
                    $$permissionCode = true;
                endif;
            } catch(\Exception $e) {

            }
        endforeach;
    endforeach;

    After this I know what rights the user should have and then give the account all the rights:

    $aclManager = $this->get('problematic.acl_manager');

$aclManager->revokeAllObjectPermissions($object, $user);

$mapping = array(
        'VIEW'      => MaskBuilder::MASK_VIEW,
        'EDIT'      => MaskBuilder::MASK_EDIT,
        'CREATE'    => MaskBuilder::MASK_CREATE,
        'UNDELETE'  => MaskBuilder::MASK_UNDELETE,
        'DELETE'    => MaskBuilder::MASK_DELETE,
        'OPERATOR'  => MaskBuilder::MASK_OPERATOR,
        'MASTER'    => MaskBuilder::MASK_MASTER,
        'OWNER'     => MaskBuilder::MASK_OWNER,
    );
foreach($array['permissions'] as $permissionCode => $test ):
    if($$permissionCode):
        $mask = $mapping[$permissionCode];
        $aclManager->addObjectPermission($object, $mask, $user);
    endif;
endforeach;
    0 讨论(0)
  • 星月不相逢
    2021-02-02 03:29

    You can check if the current user has a role by twig by using the function is_granted

    {% if is_granted('ROLE_USER') %}
  {{ app.user.username }}
{% endif %}

    Getting the current users roles array in twig:

    {{ app.user.roles }}

    If you are wanting to display from a collection of users, you can do something like this (assuming collection passed as users)

    {% for user in users %}
  <p>
     {{ user.username }}:
     {% for role in user.roles %}
      {{ role }}
     {% endfor %}
  </p>
{% endfor %}
    0 讨论(0)
 看不清?
提交回复
热议问题