问题
I noticed that my voters are solicited even for SuperAdmin users.
Is it working as expected ?
If yes, I thought that the philosophy of SuperAdmin is that they systematically have all rights, so that we don't have to give them each permission one by one. In that case why not granting access to all voters ?
Do I always have to put
if ($user->isSuperAdmin()) {
return VoterInterface::ACCESS_GRANTED;
}
in my voters ?
回答1:
In the IddqdVoter class, you have a special role called ROLE_IDDQD.
This voter adds a special role ROLE_IDDQD which effectively bypasses any, and all security checks (including voters).
This is what you're looking for. More : IDDQD Voter
You can even set an alias for the IDDQD role, so I guess that you can alias the ROLE_SUPER_ADMIN to the ROLE_IDDQD. If you can't do that, simply grant the ROLE_SUPER_ADMIN the ROLE_IDDQD and you're ready to go.
In order to use this special role, you'll have to enable it by doing so :
#config.yml
jms_security_extra:
enable_iddqd_attribute: true
来源:https://stackoverflow.com/questions/18060443/symfony2-why-voters-are-called-even-for-superadmins