管理后台的权限控制
优质
小牛编辑
176浏览
2023-12-01
SonataUserBundle
SonataUserBundle是sonata项目中有关用户管理的部分,它其实是集成了FOS/UserBundle组件(感兴趣可以去git上找,但个人觉得直接用SonataUserBundle就够了)并增添了一些功能,使用SonataUserBundle需要安装如下扩展,执行:
[root@centos7vm mywebsite]# composer require sonata-project/user-bundle
并修改app/AppKernel.php,增加如下组件的注册:
new FOS\UserBundle\FOSUserBundle(),
new Sonata\UserBundle\SonataUserBundle('FOSUserBundle'),
修改配置
修改app/config/config.yml,增加如下配置:
fos_user:
db_driver: orm
firewall_name: main
user_class: Sonata\UserBundle\Entity\BaseUser
group:
group_class: Sonata\UserBundle\Entity\BaseGroup
并找到对应配置组添加如下内容:
doctrine:
orm:
entity_managers:
default:
mappings:
SonataUserBundle: ~
修改app/config/security.yml,改成如下样子:
security:
role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
SONATA:
- ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are using acl then this line must be commented
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
fos_userbundle:
id: fos_user.user_manager
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
# -> custom firewall for the admin area of the URL
admin:
pattern: /admin(.*)
context: user
form_login:
provider: fos_userbundle
login_path: /admin/login
use_forward: false
check_path: /admin/login_check
failure_path: null
logout:
path: /admin/logout
anonymous: true
# -> end custom configuration
main:
pattern: .*
context: user
form_login:
provider: fos_userbundle
login_path: /login
use_forward: false
check_path: /login_check
failure_path: null
logout: true
anonymous: true
access_control:
# URL of FOSUserBundle which need to be available to anonymous users
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Admin login page needs to be access without credential
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Secured part of the site
# This config requires being logged for the whole site and having the admin role for the admin part.
# Change these rules to adapt them to your needs
- { path: ^/admin/, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
- { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
encoders:
FOS\UserBundle\Model\UserInterface: sha512
acl:
connection: default</code></pre>
修改app/config/routing.yml,添加如下内容:
sonata_user_security:
resource: "@SonataUserBundle/Resources/config/routing/sonata_security_1.xml"
sonata_user_resetting:
resource: "@SonataUserBundle/Resources/config/routing/sonata_resetting_1.xml"
prefix: /resetting
sonata_user_profile:
resource: "@SonataUserBundle/Resources/config/routing/sonata_profile_1.xml"
prefix: /profile
sonata_user_register:
resource: "@SonataUserBundle/Resources/config/routing/sonata_registration_1.xml"
prefix: /register
sonata_user_change_password:
resource: "@SonataUserBundle/Resources/config/routing/sonata_change_password_1.xml"
prefix: /profile
sonata_user:
resource: '@SonataUserBundle/Resources/config/routing/admin_security.xml'
prefix: /admin
生成自定义用户类
执行:
[root@centos7vm mywebsite]# php app/console sonata:easy-extends:generate SonataUserBundle -d src
可以自动在src/Application/Sonata/UserBundle/下生成有关用户的自定义类
注册自定义用户类,修改app/AppKernel.php,增加:
new Application\Sonata\UserBundle\ApplicationSonataUserBundle(),
重新修改配置
这时重新修改app/config/config.yml,并找到对应配置组添加如下内容:
doctrine:
orm:
entity_managers:
default:
mappings:
FOSUserBundle: ~
ApplicationSonataUserBundle: ~
把fos_user配置组改成如下的样子:
fos_user:
db_driver: orm
firewall_name: main
user_class: Application\Sonata\UserBundle\Entity\User
group:
group_class: Application\Sonata\UserBundle\Entity\Group
group_manager: sonata.user.orm.group_manager
profile:
# Authentication Form
form:
type: fos_user_profile
handler: fos_user.profile.form.handler.default
name: fos_user_profile_form
validation_groups: [Authentication] # Please note : this is not the default value
service:
user_manager: sonata.user.orm.user_manager
生效
更新数据库,执行
[root@centos7vm mywebsite]# php app/console doctrine:schema:update --force
创建一个管理员账户,执行:
[root@centos7vm mywebsite]# php app/console fos:user:create yourname youemail yourpasswd --super-admin
请cache后重新打开http://172.16.142.134/app_dev.php/admin,会看到提示登录啦,输入刚才创建的管理员用户名和密码就可以登录啦
本章节的内容是和官方文档有所不同的,经过我的尝试以及网上的一些说法也都表示sonata官方文档里的方法是有问题的,达不到想要的目的而且会报错,按照我上面试验过的方法是可行的
至此,你的管理后台就有权限控制了,不会被其他人篡改,可以尽情发布了