Question
I have two roles in my system: users and admins. By default, when someone logs in as a user or an admin, he can modify his own password using the implemented forms of FOSUserBundle. But I'd like to forbid the users to change their own password, having to request it from the admin, so then the admin would reset it, either introducing a new one chosen by the admin or generating a random one. I'd also like to send an email to the user telling him that his passwd has changed and he has to use the new one from now on. But I cannot find how to do that. Any help?
Answer 1:
If you want an admin to change another user's password, you can use your own form:
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
use Symfony\Component\Form\Extension\Core\Type\PasswordType;
use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
use Symfony\Component\Form\Extension\Core\Type\TextType;

class UserType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder
            ->add('username', TextType::class, array(
                'required' => true,
                'label' => "Username "
            ))
            ->add('email', TextType::class, array(
                'required' => true,
                'label' => "Adresse email "
            ))
            // Maps to the user's plainPassword; both entries must match
            ->add('plainPassword', RepeatedType::class, array(
                'type' => PasswordType::class,
                'options' => array('translation_domain' => 'FOSUserBundle'),
                'first_options' => array('label' => 'form.password'),
                'second_options' => array('label' => 'form.password_confirmation'),
                'invalid_message' => 'fos_user.password.mismatch',
            ))
            // Role checkboxes (label => role name)
            ->add('roles', ChoiceType::class, array(
                'required' => true,
                'choices' => array('Salarié' => 'ROLE_SALARIE', 'Admin' => 'ROLE_ADMIN'),
                'multiple' => true,
                'expanded' => true,
                'label' => "Rôle ",
                'label_attr' => array('class' => 'checkbox-inline')
            ))
        ;
    }
    //...
}
And then, in your controller:
public function updateAction(Request $request, Member $user)
{
    $em = $this->getDoctrine()->getManager();
    $form = $this->createEditForm($user);
    $form->handleRequest($request);
    if ($form->isSubmitted() && $form->isValid()) {
        // Hash the submitted plainPassword into the user's password field
        $userManager = $this->container->get('fos_user.user_manager');
        $userManager->updatePassword($user);
        $em->flush();
    }
    //...
}
Answer 2:
You can prevent users from changing their password by removing the fos_user_change_password and fos_user_resetting routes in your app/config/routing.yml file. This way neither users nor admin will be able to change their own password through the /profile page.
Then you will need to create a secured controller action that allows admin to change passwords and send the email. In order to do that you can use FOSUserBundle UserManager and its setPlainPassword() method.
Take a look at the documentation:
Symfony2 Security
FOSUserBundle User Manager
How to send an Email
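A sketch of the secured admin action Answer 2 describes, covering the random-password and e-mail parts of the question; this is an added example, not code from either answer. The namespace, class and action names, the CSRF token id and the sender address are assumptions, and it assumes PHP 7+ (for random_bytes()) and Swiftmailer 5 as bundled with Symfony 2/3.

```php
<?php
// Added example. Names, token id and sender address are hypothetical.
namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

class AdminPasswordController extends Controller
{
    // Map this action to a POST-only route so a plain link cannot trigger it.
    public function resetPasswordAction(Request $request, $username)
    {
        // Server-side role check: hiding the form from users is not enough.
        $this->denyAccessUnlessGranted('ROLE_ADMIN');

        // Reject forged cross-site requests made with the admin's session.
        $token = $request->request->get('_token');
        if (!$this->isCsrfTokenValid('admin_reset_password', $token)) {
            throw $this->createAccessDeniedException('Invalid CSRF token.');
        }

        $userManager = $this->get('fos_user.user_manager');
        $user = $userManager->findUserByUsername($username);
        if (null === $user) {
            throw $this->createNotFoundException('Unknown user.');
        }

        // 16 bytes from the OS CSPRNG, hex-encoded to 32 characters.
        // rand(), mt_rand() and uniqid() are predictable and unsuitable here.
        $newPassword = bin2hex(random_bytes(16));

        $user->setPlainPassword($newPassword);
        // updateUser() hashes plainPassword, clears it and flushes the entity.
        $userManager->updateUser($user);

        $message = \Swift_Message::newInstance()
            ->setSubject('Your password has been reset')
            ->setFrom('admin@example.com') // assumed sender address
            ->setTo($user->getEmail())
            ->setBody("An administrator reset your password.\n"
                ."New password: ".$newPassword);
        $this->get('mailer')->send($message);

        // The password is neither logged nor returned in the response.
        return new Response('', Response::HTTP_NO_CONTENT);
    }
}
```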
Source: https://stackoverflow.com/questions/15042988/change-password-of-another-user-using-fosuserbundle