我的ACL有问题:
我使用类作用域来授予Role权限.
这是我声明ClassAce的代码:
$objectIdentity = new \Symfony\Component\Security\Acl\Domain\ObjectIdentity('class', 'Complete\\Class\\Name');
try
{
$acl = $aclProvider->findAcl($objectIdentity);
}
catch (\Symfony\Component\Security\Acl\Exception\Exception $e)
{
$acl = $aclProvider->createAcl($objectIdentity);
}
// retrieving the security identity of the currently role
$securityIdentity = new \Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity($role);
// grant owner access
$acl->insertClassAce($securityIdentity, \Symfony\Component\Security\Acl\Permission\MaskBuilder::MASK_OWNER);
$aclProvider->updateAcl($acl);
这是我检查访问权限的代码:
$securityContext = $this->get('security.context');
$oid = new \Symfony\Component\Security\Acl\Domain\ObjectIdentity('class', 'Complete\\Class\\Name');
if (false === $securityContext->isGranted('EDIT', $oid))
{
throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException();
}
我收到一个AccessDeniedExeption,日志中显示消息:"找不到对象标识的ACL.投票拒绝访问."
我可以通过更改RoleSecurityIdentity的equals函数来解决这个问题
原来的功能是
public function equals(SecurityIdentityInterface $sid)
{
if (!$sid instanceof RoleSecurityIdentity) {
return false;
}
return $this->role === $sid->getRole();
}
但如果我改变它
public function equals(SecurityIdentityInterface $sid)
{
if (!$sid instanceof RoleSecurityIdentity) {
return false;
}
return $this->role == $sid->getRole();
}
有用...
我使用自己的角色类,这可能是个问题吗?
谢谢你的回答,
我有类似的问题.在我自己的Role类中扩展Symfony\Component\Security\Core\Role\Role解决了这个问题.
use Symfony\Component\Security\Core\Role\Role as CoreRole;
class Role extends CoreRole{ // or extends CoreRole implements RoleInterface
// my custom Role class
}
找出在相同函数中检查哪些类型的值,它必须是字符串,而不是对象.就我而言,它是角色对象.