symfony - sfDoctrineGuard - restricting user creation based on group credentials

天涯浪子 posted on 2019-12-08 10:34:18

Question


I am currently in the process of developing a fairly large and complex user management system using sfDoctrineGuard.

I have created 4 groups, editors, moderators, admins and superadmins.

What I'm looking to do, is restrict certain users in the admin to be able to create/view/edit other users in the sfGuardUser admin module.

So for example a superadmins user can create editors, moderators, admins and other superadmins, but a moderator can only create editors.

Is this possible in sfDoctrineGuard, if so, could someone give me an insight on how I'd achieve this?

Thanks


Answer 1:


First of all you can set credentials in generator.yml to show/hide links to actions and object actions based on credentials. For example:

config:
  list:
    object_actions:
      _delete:
        confirm: Вы уверены, что хотите удалить пользователя?
        credentials: superuser
    actions:
      _new:
        credentials: moderator

Next, configure your forms with custom table methods for doctrine choice widgets of groups:

class sfGuardUserForm extends PluginsfGuardUserForm
{
  public function configure()
  {
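    // groups_list: render as checkboxes and limit the choices to the groups
    // the current user may assign
    $this->getWidget('groups_list')->setOption('expanded', true);
    $this->getWidget('groups_list')->setOption('table_method', 'getListForAdmin');
    // Use the same query in the validator so that a submitted group outside
    // that list is rejected on the server, not just hidden in the form
    $this->getValidator('groups_list')->setOption('query', Doctrine::getTable('sfGuardGroup')->getListForAdmin());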
  }
}

class sfGuardGroupTable extends PluginsfGuardGroupTable
{
  /**
   * Builds list query based on credentials
   *
   */
  public function getListForAdmin()
  {
    $user = sfContext::getInstance()->getUser();

    $q = $this->createQuery('g');

    // Users matching neither branch below get the unrestricted query (all groups)
    if (!$user->isSuperAdmin() && $user->hasCredential('moderator'))
    {
      $q->addWhere('g.name IN (?)', array('editor'));
    }
    else if ($user->hasCredential('editor'))
    {
      $q->addWhere('g.name IN (?)', array('editor'));
    }
    return $q;
  }
}

A couple of enhancements: get rid of the singleton call by passing the user instance from the action (in preExecute) and load group names from app.yml with sfConfig::get instead of hardcoding them in code.
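
The enhancement suggested at the end of the answer, as an added example that is not part of the original answer: the credential-to-group map is data rather than hardcoded branches, the caller's credentials are passed in instead of read from a singleton, and a credential with no entry can assign nothing. The map, its credential names and both function names are constructed for illustration; in a symfony 1.x app the map could be read from app.yml with sfConfig::get.

```php
<?php
// Constructed map: credential name => group names that credential may assign.
// The question only states the rules for superadmins and moderators, so other
// credentials are deliberately left out and fall through to "nothing allowed".
const ASSIGNABLE_GROUPS = [
    'superadmin' => ['editors', 'moderators', 'admins', 'superadmins'],
    'moderator'  => ['editors'],
];

/**
 * Groups a user holding $credentials may assign (hypothetical helper).
 * Fails closed: a credential missing from the map contributes no groups.
 */
function assignableGroups(array $credentials, array $map = ASSIGNABLE_GROUPS): array
{
    $allowed = [];
    foreach ($credentials as $credential) {
        $allowed = array_merge($allowed, $map[$credential] ?? []);
    }
    return array_values(array_unique($allowed));
}

/**
 * Groups in a submitted form that the user is not allowed to assign
 * (hypothetical helper). A non-empty result means the request must be
 * refused, whatever the admin UI displayed.
 */
function rejectedGroups(array $requested, array $credentials): array
{
    return array_values(array_diff($requested, assignableGroups($credentials)));
}

// Constructed requests: the second one simulates a tampered groups_list POST.
$requests = [
    ['credentials' => ['superadmin'], 'groups' => ['admins', 'superadmins']],
    ['credentials' => ['moderator'],  'groups' => ['editors', 'superadmins']],
    ['credentials' => ['editor'],     'groups' => ['editors']],
];

foreach ($requests as $request) {
    $rejected = rejectedGroups($request['groups'], $request['credentials']);
    printf(
        "%s requests [%s]: %s\n",
        implode(',', $request['credentials']),
        implode(',', $request['groups']),
        $rejected ? 'refused, not assignable: ' . implode(',', $rejected) : 'accepted'
    );
}
```

In the form from the answer, the same list would back both the groups_list widget and its validator query, so a group left out of the map can be neither displayed nor submitted.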



Source: https://stackoverflow.com/questions/5727424/symfony-sfdoctrineguard-restricting-user-creation-based-on-group-credentials
