Symfony：如何找出已连接用户可以访问的不同网址的列表

Question

我想编写一个索引页面，向登录用户显示他可以根据分配给他的角色访问的资源 URL 列表

我通过使用 Yaml 组件解析 security.yaml 文件并浏览 security.acces_control 部分找到了解决方案：

security:
    ......
    access_control:
        - {path: ^/admin, roles: ROLE_ADMIN}
        - {path: ^/profile, roles: ROLE_USER}
        - {path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY}
        - {path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY}
        - {path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY}
        - {path: ^/path1, roles: ROLE_USER}
        - {path: ^/path2, roles: ROLE_CONTRIBUTOR}
        - .....
        - {path: ^/pathn, roles: ROLE_CONTRIBUTOR}

因此，如果登录用户只有 ROLE_USER 角色，他将只能在索引页面上看到 /profile 和 /path1。

但我知道这样做是不好的做法。您是否有更好的 Symfony 组件解决方案来避免解析 security.yaml?

我考虑过使用 AccesMap，但 'security.acces_map' 服务是私有的，无法使用。

Answer 1

我找到了一个基于 AccessMap 和 AccessDecisionManager 类.

的解决方案

由于 AccessMap 不是自动连接的，因此有必要编写并声明一个允许手动连接的服务。

此服务在services.yaml中的声明：

App\Security\Util\AccessControlInterface:
    class: App\Security\Util\AccessControl
    arguments:
        - '@security.access_map'

服务代码：

namespace App\Security\Util;

<? php declare (strict_types = 1);

interface AccessControlInterface {

    / **
    * Checks if the connected user can access to $path.
    *
    * @param string $path
    *
    * @return bool
    * /
    public function isPathAuthorized (string $path);

}

和

<? php declare (strict_types = 1);

namespace App\Security\Util;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Http\AccessMapInterface;

class AccessControl implements AccessControlInterface
{

    / **
    * @var array
    * /
    protected $server;

    / **
    * @var string
    * /
    protected $baseUrl;

    / **
    * @var\Symfony\Component\Security\Http\AccessMapInterface
    * /
    protected $accessMap;

    / **
    * @var\Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface
    * /
    protected $tokenStorage;

    / **
    * @var\Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface
    * /
    protected $accessDecisionManager;

    public function __construct (
        AccessMapInterface $accessMap,
        RequestStack $requestStack,
        TokenStorageInterface $tokenStorage,
        AccessDecisionManagerInterface $accessDecisionManager
    )
    {
        $this->accessMap = $accessMap;
        $this->server = $requestStack->getCurrentRequest()->server->all();
        $this->baseUrl = $requestStack->getCurrentRequest()->getBaseUrl();
        $this->tokenStorage = $tokenStorage;
        $this->accessDecisionManager = $accessDecisionManager;
    }

    public function isPathAuthorized (string $path)
    {
        $request = Request::create ($this->baseUrl. $path, 'GET', [], [], [], $this->server);
        $token = $this->tokenStorage->getToken();
        [$attributes] = $this->accessMap->getPatterns ($request);
        if (null === $attributes) {
            $attributes = ['IS_AUTHENTICATED_ANONYMOUSLY'];
        }
        return $this->accessDecisionManager->decide($token, $attributes, $request);
    }
}

控制器的可能用途：

use App\Security\Util\AccessControlInterface;
...

class IndexController extends AbstractController {

    public function index (Request $request, AccessControlInterface $accessControl)
    {
        if ($accessControl->isPathAuthorized("/path1")) {
            // do stuff
        }
    }
}

Symfony：如何找出已连接用户可以访问的不同网址的列表

Symfony: how to find out the list of the different urls to which the connected user can access

access-control

symfony