I am in the process of evaluating Symfony2 for a greenfield project. One of the central requirements is that; A user can be associated with many companies and each of those associations can have a different set of permissions identified by a role.
我正在为一个绿地项目评估Symfony2。其中一个核心要求是;用户可以与许多公司相关联,这些关联中的每个公司都可以具有由角色标识的一组不同的权限。
Has anyone experience implementing something similar or a perspective on how this might be achieved with Symfony2's ACL system?
有谁体验过使用Symfony2的ACL系统实现类似的东西吗?
Will gratefully receive any advice.
将感激地接受任何建议。
1 个解决方案
#1
0
I'm too late to the game but perhaps this will help someone else?
我太晚了,不能参加比赛了,但也许这能帮助别人?
http://brentertainment.com/2012/02/28/contextualizing-your-symfony2-application-with-the-service-container/
In short, you can use the custom voter, then take advantage of the 2nd object which you can pass into the voter and use it to contextualize your security checking like this
简而言之,您可以使用自定义投票者,然后利用您可以传递给投票者的第二个对象,并使用它来将您的安全检查设置成这样。
public function vote(TokenInterface $token, $object, array $attributes)
{
if ($this->supportsClass($object) && $company = $this->container->get('context.company')) {
foreach ($attributes as $attribute) {
if ($this->supportsAttribute($attribute)) {
if ($company == $object->getCompany()) {
return VoterInterface::ACCESS_GRANTED;
}
return VoterInterface::ACCESS_DENIED;
}
}
}
return VoterInterface::ACCESS_ABSTAIN;
}
}
#1
0
I'm too late to the game but perhaps this will help someone else?
我太晚了,不能参加比赛了,但也许这能帮助别人?
http://brentertainment.com/2012/02/28/contextualizing-your-symfony2-application-with-the-service-container/
In short, you can use the custom voter, then take advantage of the 2nd object which you can pass into the voter and use it to contextualize your security checking like this
简而言之,您可以使用自定义投票者,然后利用您可以传递给投票者的第二个对象,并使用它来将您的安全检查设置成这样。
public function vote(TokenInterface $token, $object, array $attributes)
{
if ($this->supportsClass($object) && $company = $this->container->get('context.company')) {
foreach ($attributes as $attribute) {
if ($this->supportsAttribute($attribute)) {
if ($company == $object->getCompany()) {
return VoterInterface::ACCESS_GRANTED;
}
return VoterInterface::ACCESS_DENIED;
}
}
}
return VoterInterface::ACCESS_ABSTAIN;
}
}