SharEDITor

教你成为全栈工程师(Full Stack Developer) 二十-管理后台的权限控制

全栈技术 教你成为全栈工程师(Full Stack Developer) 发表于 2016-05-05 16:04:58 阅读913次


如果你按照前面的章节一步一步实现到现在,应该可以在管理后台编辑和发布你的博客文章了,但是如果别人知道你的链接,也可以编辑、发布甚至删除你的文章,这时就需要你做权限控制了,也就是能够支持输入用户名密码登陆的用户管理部分

请尊重原创,转载请注明来源网站www.shareditor.com以及原始链接地址

SonataUserBundle

 

SonataUserBundle是sonata项目中有关用户管理的部分,它其实是集成了FOS/UserBundle组件(感兴趣可以去git上找,但个人觉得直接用SonataUserBundle就够了)并增添了一些功能,使用SonataUserBundle需要安装如下扩展,执行:

[root@centos7vm mywebsite]# composer require sonata-project/user-bundle

并修改app/AppKernel.php,增加如下组件的注册:

            new FOS\UserBundle\FOSUserBundle(),
            new Sonata\UserBundle\SonataUserBundle('FOSUserBundle'),

 

修改配置

 

修改app/config/config.yml,增加如下配置:

fos_user:

    db_driver:      orm
    firewall_name:  main
    user_class:     Sonata\UserBundle\Entity\BaseUser

    group:
        group_class:   Sonata\UserBundle\Entity\BaseGroup

 

并找到对应配置组添加如下内容:

doctrine:
    orm:
        entity_managers:
            default:
                mappings:
                    SonataUserBundle: ~

 

 

修改app/config/security.yml,改成如下样子:

security:

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER, ROLE_SONATA_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        SONATA:
            - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT  # if you are using acl then this line must be commented


    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        fos_userbundle:
            id: fos_user.user_manager


    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # -> custom firewall for the admin area of the URL
        admin:
            pattern:            /admin(.*)
            context:            user
            form_login:
                provider:       fos_userbundle
                login_path:     /admin/login
                use_forward:    false
                check_path:     /admin/login_check
                failure_path:   null
            logout:
                path:           /admin/logout
            anonymous:          true

        # -> end custom configuration

        main:
            pattern:             .*
            context:             user
            form_login:
                provider:       fos_userbundle
                login_path:     /login
                use_forward:    false
                check_path:     /login_check
                failure_path:   null
            logout:             true
            anonymous:          true

    access_control:
        # URL of FOSUserBundle which need to be available to anonymous users
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # Admin login page needs to be access without credential
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # Secured part of the site
        # This config requires being logged for the whole site and having the admin role for the admin part.
        # Change these rules to adapt them to your needs
        - { path: ^/admin/, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
        - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    acl:
        connection: default

请尊重原创,转载请注明来源网站www.shareditor.com以及原始链接地址

修改app/config/routing.yml,添加如下内容:

sonata_user_security:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_security_1.xml"

sonata_user_resetting:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_resetting_1.xml"
    prefix: /resetting

sonata_user_profile:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_profile_1.xml"
    prefix: /profile

sonata_user_register:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_registration_1.xml"
    prefix: /register

sonata_user_change_password:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_change_password_1.xml"
    prefix: /profile

sonata_user:
    resource: '@SonataUserBundle/Resources/config/routing/admin_security.xml'
    prefix: /admin

 

生成自定义用户类

 

执行:

[root@centos7vm mywebsite]# php app/console sonata:easy-extends:generate SonataUserBundle -d src

可以自动在src/Application/Sonata/UserBundle/下生成有关用户的自定义类

 

注册自定义用户类,修改app/AppKernel.php,增加:

             new Application\Sonata\UserBundle\ApplicationSonataUserBundle(),

 

重新修改配置

这时重新修改app/config/config.yml,并找到对应配置组添加如下内容:

doctrine:
    orm:
        entity_managers:
            default:
                mappings:
                    FOSUserBundle: ~
                    ApplicationSonataUserBundle: ~

 

把fos_user配置组改成如下的样子:

 

fos_user:
    db_driver:      orm
    firewall_name:  main
    user_class:     Application\Sonata\UserBundle\Entity\User

    group:
        group_class:   Application\Sonata\UserBundle\Entity\Group
        group_manager: sonata.user.orm.group_manager

    profile:
        # Authentication Form
        form:
            type:               fos_user_profile
            handler:            fos_user.profile.form.handler.default
            name:               fos_user_profile_form
            validation_groups:  [Authentication] # Please note : this is not the default value

    service:
        user_manager: sonata.user.orm.user_manager

 

生效

更新数据库,执行

[root@centos7vm mywebsite]# php app/console doctrine:schema:update --force

 

创建一个管理员账户,执行:

[root@centos7vm mywebsite]# php app/console fos:user:create yourname youemail yourpasswd --super-admin

 

请cache后重新打开http://172.16.142.134/app_dev.php/admin,会看到提示登录啦,输入刚才创建的管理员用户名和密码就可以登录啦

 

 

本章节的内容是和官方文档有所不同的,经过我的尝试以及网上的一些说法也都表示sonata官方文档里的方法是有问题的,达不到想要的目的而且会报错,按照我上面试验过的方法是可行的

 

至此,你的管理后台就有权限控制了,不会被其他人篡改,可以尽情发布了