FOSCommentBundle access control: replying, deleting and editing Comments
I have successfully installed FOSCommentBundle on my Symfony 2.3 project.

I integrated FOSCommentBundle with FOSUserBundle, then I added role based ACL security. I see that the actions that can be controlled are: create, view, delete, edit.

I only want to show the reply button for administrators, but I haven't found how to add an access role to the reply event.
Here is my configuration file:

    acl: true
    service:
        acl:
            thread: fos_comment.acl.thread.roles
            comment: fos_comment.acl.comment.roles
            vote: fos_comment.acl.vote.roles
        manager:
            thread: fos_comment.manager.thread.acl
            comment: fos_comment.manager.comment.acl
            vote: fos_comment.manager.vote.acl
    acl_roles:
        comment:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        thread:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
        vote:
            create: IS_AUTHENTICATED_ANONYMOUSLY
            view: IS_AUTHENTICATED_ANONYMOUSLY
            edit: ROLE_ADMIN
            delete: ROLE_ADMIN
Is there a class I have to override? Is there any documentation for the reply button?
After looking at FOSCommentBundle, I found the solution to my problem:

1. First, you have to override RoleCommentAcl: create a folder named Acl in MyBundle. In this folder, I created a PHP class named RoleCommentAcl:
    <?php

    namespace MyProject\MyBundle\Acl;

    use FOS\CommentBundle\Acl\RoleCommentAcl as BaseRoleCommentAcl;
    use FOS\CommentBundle\Model\CommentInterface;
    use FOS\CommentBundle\Model\SignedCommentInterface;
    use Symfony\Component\Security\Core\SecurityContextInterface;
    use Symfony\Component\Security\Core\User\UserInterface;

    class RoleCommentAcl extends BaseRoleCommentAcl
    {
        /**
         * The current Security Context.
         *
         * @var SecurityContextInterface
         */
        private $securityContext;

        /**
         * Constructor.
         *
         * @param SecurityContextInterface $securityContext
         * @param string                   $createRole
         * @param string                   $viewRole
         * @param string                   $editRole
         * @param string                   $deleteRole
         * @param string                   $commentClass
         */
        public function __construct(SecurityContextInterface $securityContext, $createRole, $viewRole, $editRole, $deleteRole, $commentClass)
        {
            parent::__construct($securityContext, $createRole, $viewRole, $editRole, $deleteRole, $commentClass);
            // The parent keeps its context private, so keep our own reference.
            $this->securityContext = $securityContext;
        }

        /**
         * Checks if the Security token has an appropriate role to edit the supplied Comment.
         *
         * @param CommentInterface $comment
         *
         * @return boolean
         */
        public function canEdit(CommentInterface $comment)
        {
            // The comment owner can always edit their own comment.
            if ($comment instanceof SignedCommentInterface && $this->isAuthor($comment)) {
                return true;
            }

            // Everyone else falls back to the configured edit role (ROLE_ADMIN).
            return parent::canEdit($comment);
        }

        /**
         * Checks if the Security token is allowed to delete a specific Comment.
         *
         * @param CommentInterface $comment
         *
         * @return boolean
         */
        public function canDelete(CommentInterface $comment)
        {
            // The comment owner can always delete their own comment.
            if ($comment instanceof SignedCommentInterface && $this->isAuthor($comment)) {
                return true;
            }

            // Everyone else falls back to the configured delete role (ROLE_ADMIN).
            return parent::canDelete($comment);
        }

        /**
         * Checks if the Security token is allowed to reply to a parent comment.
         *
         * @param CommentInterface|null $parent
         *
         * @return boolean
         */
        public function canReply(CommentInterface $parent = null)
        {
            if ($parent instanceof SignedCommentInterface) {
                // Only the comment owner or an admin can reply to a signed comment.
                if ($this->isAuthor($parent) || $this->securityContext->isGranted('ROLE_ADMIN')) {
                    return true;
                }
            }

            if (null !== $parent) {
                // Replying to any other existing comment is denied.
                return false;
            }

            // No parent means a new top-level comment, governed by the create role.
            return parent::canCreate();
        }

        /**
         * True when the authenticated user is the author of the signed comment.
         *
         * @param SignedCommentInterface $comment
         *
         * @return boolean
         */
        private function isAuthor(SignedCommentInterface $comment)
        {
            $token = $this->securityContext->getToken();
            if (null === $token) {
                return false;
            }

            $user = $token->getUser();
            // Anonymous tokens carry the string 'anon.' rather than a user object.
            if (!$user instanceof UserInterface) {
                return false;
            }

            return $comment->getAuthor() == $user;
        }
    }
2. Then you have to add the access rights to services.xml:

    <?xml version="1.0" ?>
    <container xmlns="http://symfony.com/schema/dic/services"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">

        <services>
            <service id="myproject.name_bundle.acl.comment.roles" class="MyProject\MyBundle\Acl\RoleCommentAcl" public="false">
                <argument type="service" id="security.context" />
                <argument>IS_AUTHENTICATED_ANONYMOUSLY</argument> <!-- Create role -->
                <argument>IS_AUTHENTICATED_ANONYMOUSLY</argument> <!-- View role -->
                <argument>ROLE_ADMIN</argument> <!-- Edit role -->
                <argument>ROLE_ADMIN</argument> <!-- Delete role -->
                <argument>%fos_comment.model.comment.class%</argument>
            </service>
        </services>
    </container>
PS: if you use services.yml you can translate this XML file into YAML, but if you want to use services.xml you have to change the configuration loader in your bundle's DependencyInjection extension:

    use Symfony\Component\Config\FileLocator;
    use Symfony\Component\DependencyInjection\Loader;

    // Load the XML service definitions from Resources/config instead of the YAML ones.
    $loader = new Loader\XmlFileLoader($container, new FileLocator(__DIR__ . '/../Resources/config'));
    $loader->load('services.xml');
Open your page and you will notice that only the comment owner and administrators can access reply. Also, delete and edit are only shown to the comment owner and administrators.
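The decision logic of the override above, as an added example that is not part of the original answer: a dependency-free PHP model of canEdit/canDelete/canReply that produces the full access matrix, so the resulting policy can be checked without booting Symfony. It assumes the answer's configured roles (create = IS_AUTHENTICATED_ANONYMOUSLY, edit and delete = ROLE_ADMIN) and that config.yml's service.acl.comment key has been pointed at the new service id myproject.name_bundle.acl.comment.roles, since that key is what selects the ACL service the bundle consults. Actor, Comment, decide(), accessMatrix() and expect() are names made up for this example.

```php
<?php
// Added example, not code from the question or answer: a dependency-free model
// of the overriding RoleCommentAcl's decisions. Actor, Comment, decide(),
// accessMatrix() and expect() exist only in this example.

final class Actor
{
    /** @var string|null null models an anonymous visitor ('anon.' token) */
    public $username;
    /** @var string[] */
    public $roles;

    public function __construct($username, array $roles = array())
    {
        $this->username = $username;
        $this->roles = $roles;
    }

    public function isGranted($role)
    {
        return in_array($role, $this->roles, true);
    }
}

final class Comment
{
    /** @var string|null null models a comment that is not a SignedCommentInterface */
    public $author;

    public function __construct($author)
    {
        $this->author = $author;
    }
}

/**
 * Mirrors canEdit/canDelete/canReply from the override with the answer's roles:
 * create = IS_AUTHENTICATED_ANONYMOUSLY, edit/delete = ROLE_ADMIN.
 */
function decide($action, Actor $actor, Comment $target = null)
{
    $signed  = $target !== null && $target->author !== null;
    $isOwner = $signed && $actor->username !== null && $target->author === $actor->username;
    $isAdmin = $actor->isGranted('ROLE_ADMIN');

    switch ($action) {
        case 'edit':
        case 'delete':
            if ($target === null) {
                throw new InvalidArgumentException("$action needs an existing comment");
            }
            // Owner short-circuit, then parent::canEdit()/canDelete() => ROLE_ADMIN.
            return $isOwner || $isAdmin;
        case 'reply':
            if ($target === null) {
                return true; // parent::canCreate() with IS_AUTHENTICATED_ANONYMOUSLY
            }
            if ($signed && ($isOwner || $isAdmin)) {
                return true;
            }
            return false; // any other non-null parent, signed or unsigned
        default:
            throw new InvalidArgumentException("unknown action: $action");
    }
}

/** Access matrix for one target comment: actor label => action => allowed. */
function accessMatrix(Comment $target)
{
    $actors = array(
        'anonymous' => new Actor(null),
        'owner'     => new Actor('alice', array('ROLE_USER')),
        'other'     => new Actor('bob',   array('ROLE_USER')),
        'admin'     => new Actor('carol', array('ROLE_USER', 'ROLE_ADMIN')),
    );
    $matrix = array();
    foreach ($actors as $label => $actor) {
        foreach (array('reply', 'edit', 'delete') as $action) {
            $matrix[$label][$action] = decide($action, $actor, $target);
        }
    }
    return $matrix;
}

function expect($condition, $message)
{
    if (!$condition) {
        throw new RuntimeException('policy check failed: ' . $message);
    }
}

// Constructed sample comments: one signed by 'alice', one unsigned.
$signed   = accessMatrix(new Comment('alice'));
$unsigned = accessMatrix(new Comment(null));

expect($signed['owner']['reply'] === true,      'owner may reply to own comment');
expect($signed['admin']['delete'] === true,     'admin may delete');
expect($signed['other']['reply'] === false,     'ordinary users cannot reply');
expect($signed['anonymous']['edit'] === false,  'anonymous cannot edit');
expect($unsigned['admin']['edit'] === true,     'role fallback still applies to unsigned comments');
expect($unsigned['admin']['reply'] === false,   'reply to an unsigned parent is denied even for admins');
expect(decide('reply', new Actor(null), null) === true, 'top-level comments stay open to everyone');

foreach (array('signed' => $signed, 'unsigned' => $unsigned) as $kind => $matrix) {
    foreach ($matrix as $label => $actions) {
        printf("%-8s %-9s %s\n", $kind, $label, json_encode($actions));
    }
}
```

Run it with php on the command line. The checks pin down two consequences of the override that are easy to miss when only looking at the rendered buttons: ordinary authenticated users can never reply, and nobody, admins included, can reply to a comment that does not implement SignedCommentInterface, because canReply only grants on signed parents and then denies every other non-null parent. If either of those is not the intended policy, the fix belongs in canReply, not in the template that hides the button.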