全部设置

首先,我们创建了一个选民:

namespace BBIT\CoreBundle\Security\Authorization\Voter;
 
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 
class EventVoter implements VoterInterface
{
    const VIEW      = 'VIEW';
    const EDIT      = 'EDIT';
    const DELETE    = 'DELETE';
    const CREATE    = 'CREATE';
    const LLIST      = 'LIST';
 
    public function supportsAttribute($attribute)
    {
 
        return in_array($attribute, array(
            self::VIEW,
            self::EDIT,
            self::DELETE,
            self::CREATE,
            self::LLIST,
        ));
    }
 
    public function supportsClass($class)
    {
 
        $supportedClass = 'BBIT\CoreBundle\Entity\SomeEntity';
 
        if (is_string($class)) {
            if ($class === $supportedClass) {
                return true;
            } else {
                return false;
            }
        }
        return $supportedClass === get_class($class) || is_subclass_of(get_class($class), $supportedClass);
    }
 
 
    public function vote(TokenInterface $token, $entity, array $attributes)
    {
        $user = $token->getUser();
 
        if (!is_object($user)) {
            return VoterInterface::ACCESS_DENIED;
        }
 
        if (!$this->supportsClass($entity)) {
            return VoterInterface::ACCESS_ABSTAIN;
        }
 
        $attribute = $attributes[0];
 
        switch($attribute) {
            case self::LLIST:
 
                return VoterInterface::ACCESS_DENIED;
                break;
            case self::VIEW:
 
                return VoterInterface::ACCESS_DENIED;
                break;
            case self::CREATE:
 
                return VoterInterface::ACCESS_DENIED;
                break;
            case self::EDIT:
 
                return VoterInterface::ACCESS_DENIED;
                break;
            case self::DELETE:
 
                return VoterInterface::ACCESS_DENIED;
                break;
        }
 
        return VoterInterface::ACCESS_DENIED;
    }
}

这个选民与 symfony 文档中的默认选民略有不同,其另外的好处是能够接受一个对象或类名本身作为参数。

其次,我们将创建一个 VoterSecurityhandler,它从 sonata 的 RoleSecurityHandler 扩展并覆盖其中的一部分:

namespace BBIT\CoreBundle\Security\Handler;
 
use Sonata\AdminBundle\Admin\AdminInterface;
use Sonata\AdminBundle\Security\Handler\RoleSecurityHandler;
use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
 
class VoterSecurityHandler extends RoleSecurityHandler
{
 
 
    /**
     * {@inheritdoc}
     */
    public function isGranted(AdminInterface $admin, $attributes, $object = null)
    {
        if (!is_array($attributes)) {
            $attributes = array($attributes);
        }
 
        if ($object == $admin) {
            $object = $admin->getClass();
        }
 
        foreach ($attributes as $pos => $attribute) {
            $attributes[$pos] = $attribute;
        }
 
        try {
 
            return $this->securityContext->isGranted($attributes, $object);
        } catch (AuthenticationCredentialsNotFoundException $e) {
            return false;
        } catch (\Exception $e) {
            throw $e;
        }
    }
 
    /**
     * {@inheritdoc}
     */
    public function getBaseRole(AdminInterface $admin)
    {
        return '%s';
    }
 
}

现在我们需要一个服务定义来将此处理程序定义为服务:

services:
    ...
    sonata.admin.security.handler.voter:
        class: BBIT\CoreBundle\Security\Handler\VoterSecurityHandler
        arguments:
            - @security.context
            - [ROLE_SUPER_ADMIN]

现在我们可以告诉 sonata 使用我们的 VoterSecurityHandler:

sonata_admin:
    ...
    security:
        handler: sonata.admin.security.handler.voter

多数民众赞成在这一点上,奏鸣曲将考虑你的选民,你应该好好去。