我正在尝试实现自定义选民。

从 Controller 我这样称呼它:

$prj = $this->getDoctrine()->getRepository('AppBundle:Project')->findOneById($id);
if (false === $this->get('security.authorization_checker')->isGranted('responsible', $prj)) {
    throw new AccessDeniedException('Unauthorised access!');
}

第一行正确检索 Project 对象(我使用转储进行了检查)。

问题发生在选民内部
<?php
namespace AppBundle\Security\Authorization\Voter;

use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\User\UserInterface;


class ProjectVoter implements VoterInterface
{
    const RESPONSIBLE = 'responsible';
    const ACCOUNTABLE = 'accountable';
    const SUPPORT = 'support';
    const CONSULTED = 'consulted';
    const INFORMED = 'informed';

    public function supportsAttribute($attribute)
    {
        return in_array($attribute, array(
            self::RESPONSIBLE,
            self::ACCOUNTABLE,
            self::SUPPORT,
            self::CONSULTED,
            self::INFORMED,
        ));
    }

    public function supportsClass($class)
    {
        $supportedClass = 'AppBundle\Entity\Project';

        return $supportedClass === $class || is_subclass_of($class, $supportedClass);
    }

    /**
     * @var \AppBundle\Entity\Project $project
     */
    public function vote(TokenInterface $token, $project, array $attributes)
    {
        // check if class of this object is supported by this voter
        if (!$this->supportsClass(get_class($project))) {
            return VoterInterface::ACCESS_ABSTAIN;
        }

        // check if the voter is used correct, only allow one attribute
        // this isn't a requirement, it's just one easy way for you to
        // design your voter
        if (1 !== count($attributes)) {
            throw new \InvalidArgumentException(
                'Only one attribute is allowed'
            ); //in origin it was 'for VIEW or EDIT, which were the supported attributes
        }

        // set the attribute to check against
        $attribute = $attributes[0];

        // check if the given attribute is covered by this voter
        if (!$this->supportsAttribute($attribute)) {
            return VoterInterface::ACCESS_ABSTAIN;
        }

        // get current logged in user
        $user = $token->getUser();

        // make sure there is a user object (i.e. that the user is logged in)
        if (!$user instanceof UserInterface) {
            return VoterInterface::ACCESS_DENIED;
        }

        $em = $this->getDoctrine()->getManager();
        $projects = $em->getRepository('AppBundle:Project')->findPrjByUserAndRole($user, $attribute);

        foreach ($projects as $key => $prj) {
            if ($prj['id'] === $project['id'])
                {
                $granted = true;
                $index = $key; // save the index of the last time a specifif project changed status
                }
            }
        if($projects[$index]['is_active']===true) //if the last status is active
            return VoterInterface::ACCESS_GRANTED;
        else
            return VoterInterface::ACCESS_DENIED;
    }
}

我收到以下错误



我知道 Controller 扩展了 Controller ,这就是为什么我可以在那里使用“getDoctrine”。如何从 Voter 内部访问我的数据库?

最佳答案

我解决了。这很奇怪:我花了几个小时或几天来解决一个问题,然后在这里发布一个问题,然后我在一个小时内自己解决了:/

我需要在我的选民课中添加以下内容:

public function __construct(EntityManager $em)
{
    $this->em = $em;
}

我需要在顶部添加以下内容:
use Doctrine\ORM\EntityManager;

我还需要在 service.yml 中添加参数
security.access.project_voter:
    class:      AppBundle\Security\Authorization\Voter\ProjectVoter
    arguments: [ @doctrine.orm.entity_manager ]
    public:     false
    tags:
       - { name: security.voter }

关于Symfony2自定义选民: cannot have access to getDoctrine from inside the Voter,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/27509363/

10-13 23:16