Using Symfony2's role_hierarchy

Sti*_*kly 6 security roles hierarchy role symfony

I have a big problem with my role_hierarchy:

security:
    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER,ROLE_AUTHOR,ROLE_MODERATOR]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH]

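With this, if I have the SUPER_ADMIN role, I will get ROLE_AUTHOR, ROLE_MODERATOR, ROLE_USER and ROLE_ADMIN. But my problem is that when I log in to my website and check the profiler, I can see that I only have ROLE_SUPER_ADMIN and not the other roles. So, can you help me?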

My view (base.html.twig)

<h3>Blog</h3>
<ul class="nav nav-pills nav-stacked">
    <li><a href="{{ path('dom_home') }}">Home Page</a></li>
    {% if is_granted('ROLE_AUTHOR') %}
        <li><a href="{{ path('dom_add') }}">Add a post</a></li>
    {% endif %}
    {% if is_granted('IS_AUTHENTICATED_FULLY') %}
        <li><a href="{{ path('fos_user_security_logout') }}">Logout</a></li>
    {% else %}
        <li><a href="{{ path('fos_user_security_login') }}">login</a></li>
        <li><a href="{{ path('fos_user_registration_register') }}">register</a></li>
    {% endif %}
</ul>

My security.yml (app/config)

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER,ROLE_AUTHOR,ROLE_MODERATOR]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            users:
                user:  { password: userpass, roles: [ 'ROLE_USER' ] }
                admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
        fos_userbundle:
            id: fos_user.user_manager
    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern:   ^/(login$|register|resetting)
            anonymous: true
        main:
            pattern: ^/
            form_login:
                provider:    fos_userbundle
                remember_me: true
                always_use_default_target_path: true
                default_target_path: /dom/
            remember_me:
                key:         %secret%
            anonymous:       false
            logout:          true 

Please answer :)

dbr*_*ann 10

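I can't see anything wrong with the code snippets you provided, so I built a small example application to give you step-by-step instructions, which may lead you to the root of the problem.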

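  1. Cloned symfony-standard (master) (and removed Acme\DemoBundle)
  2. Added "friendsofsymfony/user-bundle": "dev-master" to composer.json
  3. Created the new bundle Mahok\SecurityBundle (php app/console generate:bundle)
  4. Created a new entity with php app/console doctrine:generate:entity
  5. Modified the entity according to the FOS\UserBundle documentation (step 3; important: change the table name to something other than "user", because that is a reserved word and may cause trouble!)
  6. Modified app/AppKernel.php, app/config/config.yml, app/config/routing.yml and app/config/security.yml according to the FOS\UserBundle documentation. For reference: this is the security.yml I used: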

    jms_security_extra:
        secure_all_services: false
        expressions: true

    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: sha512

        role_hierarchy:
            ROLE_AUTHOR:      [ROLE_USER]
            ROLE_MODERATOR:   [ROLE_AUTHOR]
            ROLE_ADMIN:       [ROLE_MODERATOR]
            ROLE_SUPER_ADMIN: [ROLE_ADMIN]

        providers:
            fos_userbundle:
                id: fos_user.user_manager

        firewalls:
            dev:
                pattern:  ^/(_(profiler|wdt)|css|images|js)/
                security: false

            auth:
                pattern:   (^/login$|^/register|^/resetting)
                anonymous: true

            main:
                pattern:    ^/
                form_login:
                    provider:      fos_userbundle
                    csrf_provider: form.csrf_provider
                logout:     true
                anonymous:  true

        access_control:
            - { path: ^/admin, role: ROLE_ADMIN }

  7. Created a user with `php app/console fos:user:create sa --super-admin`

  8. Modified DefaultController:default.html.twig in Mahok\SecurityBundle to check {% is_granted('ROLE_MODERATOR') %}:

    Hello {{ name }}!
    {% if is_granted('ROLE_MODERATOR') %}
    <ul>
        {% for role in app.user.roles %}
        <li>{{ role }}</li>
        {% endfor %}
    </ul>
    {% else %}
        oh noes!
    {% endif %}
    

Edit: When going to localhost/example/app_dev.php/hello/User (after logging in as "sa"), I get the following output:

Hello User!
* ROLE_SUPER_ADMIN
* ROLE_USER
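
What both posts observe (the profiler and `app.user.roles` list only the stored roles, while `is_granted('ROLE_MODERATOR')` still passes) follows from the hierarchy being expanded when an access decision is made, not written onto the user. The PHP below is an added stand-alone model of that expansion, not code from either post or from Symfony; `reachableRoles()` and `isGranted()` are hypothetical helper names and the stored-role list is constructed.

```php
<?php
// Added illustration: a stand-alone model of role-hierarchy expansion.
// reachableRoles() and isGranted() are hypothetical helpers, not Symfony classes.

// Hierarchy copied from the question's security.yml.
$hierarchy = [
    'ROLE_ADMIN'       => ['ROLE_USER', 'ROLE_AUTHOR', 'ROLE_MODERATOR'],
    'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'],
];

/**
 * Transitive closure of $roles over $hierarchy.
 * The $seen map also stops the walk if the hierarchy contains a cycle.
 */
function reachableRoles(array $hierarchy, array $roles): array
{
    $seen  = [];
    $stack = $roles;
    while ($stack) {
        $role = array_pop($stack);
        if (isset($seen[$role])) {
            continue; // already expanded
        }
        $seen[$role] = true;
        foreach ($hierarchy[$role] ?? [] as $child) {
            $stack[] = $child;
        }
    }
    $all = array_keys($seen);
    sort($all);
    return $all;
}

/** Hierarchy-aware check: is $attribute among the roles reachable from $storedRoles? */
function isGranted(array $hierarchy, array $storedRoles, string $attribute): bool
{
    return in_array($attribute, reachableRoles($hierarchy, $storedRoles), true);
}

// Constructed sample: the single role the profiler showed for the logged-in user.
$storedRoles = ['ROLE_SUPER_ADMIN'];

// Comparing against the stored list ignores the hierarchy entirely.
var_dump(in_array('ROLE_AUTHOR', $storedRoles, true));
// The hierarchy-aware check walks SUPER_ADMIN -> ADMIN -> AUTHOR.
var_dump(isGranted($hierarchy, $storedRoles, 'ROLE_AUTHOR'));
// A role that appears nowhere in the hierarchy is never reachable.
var_dump(isGranted($hierarchy, $storedRoles, 'ROLE_EDITOR'));
print_r(reachableRoles($hierarchy, $storedRoles));
```

The same rule applies in application code: authorization decisions belong in `is_granted()` rather than in a comparison against the user's `getRoles()` list, which never includes inherited roles.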