Symfony4 SwitchUserSubscriber 不区分两个用户
Symfony4 SwitchUserSubscriber doesn't distinguish between two users
在我的 S4 应用程序中,我需要超级用户的切换用户 "functionality"。我有一个带有自动完成功能的表单输入来搜索用户(仅适用于 ROLE_SUPERADMIN),但我想禁止用户冒充自己。我已经实现了这个事件订阅者,但是对于 $currentUser 和 $targetUser,它 return 具有相同的身份(目标身份)。我哪里错了?
<?php
namespace App\EventSubscriber;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Http\Event\SwitchUserEvent;
class SwitchUserSubscriber implements EventSubscriberInterface
{
public function onSecuritySwitchUser(SwitchUserEvent $event)
{
$currentUser = $event->getToken()->getUser();
$targetUser = $event->getTargetUser();
if($currentUser->getUsername() == $targetUser->getUsername()){
throw new UnsupportedUserException("You can't impersonate yourself");
}
}
public static function getSubscribedEvents()
{
return [
'security.switch_user' => 'onSecuritySwitchUser',
];
}
}
有没有更好的方法来实现这个?
好的,找到解决方案,阅读代码注释以获得解释
namespace App\EventSubscriber;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Http\Event\SwitchUserEvent;
use Symfony\Component\Security\Core\Role\SwitchUserRole;
class SwitchUserSubscriber implements EventSubscriberInterface
{
/**
* @param SwitchUserEvent $event
*/
public function onSecuritySwitchUser(SwitchUserEvent $event)
{
// Current user initialized to null
$currentUser = null;
// Gets all the roles in switching phase
$roles = $event->getToken()->getRoles();
// Cycles between roles
foreach($roles as $role) {
// SwitchUserRole it's a role of the impersonating user
// The if statement doesn't happen in switch exit
if ($role instanceof SwitchUserRole) {
// Recupera l'uente
$currentUser = $role->getSource()->getUser();
}
}
// Impersonated user
$targetUser = $event->getTargetUser();
// If you wann be yourself raises an exception
if(null !== $currentUser && ($currentUser->getUsername() == $targetUser->getUsername())){
throw new UnsupportedUserException("You can't impersnate yourself");
}
}
public static function getSubscribedEvents()
{
return [
'security.switch_user' => 'onSecuritySwitchUser',
];
}
}
在我的 S4 应用程序中,我需要超级用户的切换用户 "functionality"。我有一个带有自动完成功能的表单输入来搜索用户(仅适用于 ROLE_SUPERADMIN),但我想禁止用户冒充自己。我已经实现了这个事件订阅者,但是对于 $currentUser 和 $targetUser,它 return 具有相同的身份(目标身份)。我哪里错了?
<?php
namespace App\EventSubscriber;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Http\Event\SwitchUserEvent;
class SwitchUserSubscriber implements EventSubscriberInterface
{
public function onSecuritySwitchUser(SwitchUserEvent $event)
{
$currentUser = $event->getToken()->getUser();
$targetUser = $event->getTargetUser();
if($currentUser->getUsername() == $targetUser->getUsername()){
throw new UnsupportedUserException("You can't impersonate yourself");
}
}
public static function getSubscribedEvents()
{
return [
'security.switch_user' => 'onSecuritySwitchUser',
];
}
}
有没有更好的方法来实现这个?
好的,找到解决方案,阅读代码注释以获得解释
namespace App\EventSubscriber;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Http\Event\SwitchUserEvent;
use Symfony\Component\Security\Core\Role\SwitchUserRole;
class SwitchUserSubscriber implements EventSubscriberInterface
{
/**
* @param SwitchUserEvent $event
*/
public function onSecuritySwitchUser(SwitchUserEvent $event)
{
// Current user initialized to null
$currentUser = null;
// Gets all the roles in switching phase
$roles = $event->getToken()->getRoles();
// Cycles between roles
foreach($roles as $role) {
// SwitchUserRole it's a role of the impersonating user
// The if statement doesn't happen in switch exit
if ($role instanceof SwitchUserRole) {
// Recupera l'uente
$currentUser = $role->getSource()->getUser();
}
}
// Impersonated user
$targetUser = $event->getTargetUser();
// If you wann be yourself raises an exception
if(null !== $currentUser && ($currentUser->getUsername() == $targetUser->getUsername())){
throw new UnsupportedUserException("You can't impersnate yourself");
}
}
public static function getSubscribedEvents()
{
return [
'security.switch_user' => 'onSecuritySwitchUser',
];
}
}