管理后台的权限控制

优质
小牛编辑
176浏览
2023-12-01

SonataUserBundle

SonataUserBundle是sonata项目中有关用户管理的部分,它其实是集成了FOS/UserBundle组件(感兴趣可以去git上找,但个人觉得直接用SonataUserBundle就够了)并增添了一些功能,使用SonataUserBundle需要安装如下扩展,执行:

[root@centos7vm mywebsite]# composer require sonata-project/user-bundle

并修改app/AppKernel.php,增加如下组件的注册:

            new FOS\UserBundle\FOSUserBundle(),
            new Sonata\UserBundle\SonataUserBundle('FOSUserBundle'),

修改配置

修改app/config/config.yml,增加如下配置:

fos_user:
    db_driver:      orm
    firewall_name:  main
    user_class:     Sonata\UserBundle\Entity\BaseUser
    group:
        group_class:   Sonata\UserBundle\Entity\BaseGroup

并找到对应配置组添加如下内容:

doctrine:
    orm:
        entity_managers:
            default:
                mappings:
                    SonataUserBundle: ~

修改app/config/security.yml,改成如下样子:

security:
    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER, ROLE_SONATA_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        SONATA:
            - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT  # if you are using acl then this line must be commented
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
    fos_userbundle:
        id: fos_user.user_manager

firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    # -> custom firewall for the admin area of the URL
    admin:
        pattern:            /admin(.*)
        context:            user
        form_login:
            provider:       fos_userbundle
            login_path:     /admin/login
            use_forward:    false
            check_path:     /admin/login_check
            failure_path:   null
        logout:
            path:           /admin/logout
        anonymous:          true
    # -> end custom configuration
    main:
        pattern:             .*
        context:             user
        form_login:
            provider:       fos_userbundle
            login_path:     /login
            use_forward:    false
            check_path:     /login_check
            failure_path:   null
        logout:             true
        anonymous:          true
access_control:
    # URL of FOSUserBundle which need to be available to anonymous users
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    # Admin login page needs to be access without credential
    - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    # Secured part of the site
    # This config requires being logged for the whole site and having the admin role for the admin part.
    # Change these rules to adapt them to your needs
    - { path: ^/admin/, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
    - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
encoders:
    FOS\UserBundle\Model\UserInterface: sha512
acl:
    connection: default</code></pre>

修改app/config/routing.yml,添加如下内容:

sonata_user_security:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_security_1.xml"
sonata_user_resetting:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_resetting_1.xml"
    prefix: /resetting
sonata_user_profile:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_profile_1.xml"
    prefix: /profile
sonata_user_register:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_registration_1.xml"
    prefix: /register
sonata_user_change_password:
    resource: "@SonataUserBundle/Resources/config/routing/sonata_change_password_1.xml"
    prefix: /profile
sonata_user:
    resource: '@SonataUserBundle/Resources/config/routing/admin_security.xml'
    prefix: /admin

生成自定义用户类

执行:

[root@centos7vm mywebsite]# php app/console sonata:easy-extends:generate SonataUserBundle -d src

可以自动在src/Application/Sonata/UserBundle/下生成有关用户的自定义类

注册自定义用户类,修改app/AppKernel.php,增加:

             new Application\Sonata\UserBundle\ApplicationSonataUserBundle(),

重新修改配置

这时重新修改app/config/config.yml,并找到对应配置组添加如下内容:

doctrine:
    orm:
        entity_managers:
            default:
                mappings:
                    FOSUserBundle: ~
                    ApplicationSonataUserBundle: ~

把fos_user配置组改成如下的样子:

fos_user:
    db_driver:      orm
    firewall_name:  main
    user_class:     Application\Sonata\UserBundle\Entity\User
    group:
        group_class:   Application\Sonata\UserBundle\Entity\Group
        group_manager: sonata.user.orm.group_manager
    profile:
        # Authentication Form
        form:
            type:               fos_user_profile
            handler:            fos_user.profile.form.handler.default
            name:               fos_user_profile_form
            validation_groups:  [Authentication] # Please note : this is not the default value
    service:
        user_manager: sonata.user.orm.user_manager

生效

更新数据库,执行

[root@centos7vm mywebsite]# php app/console doctrine:schema:update --force

创建一个管理员账户,执行:

[root@centos7vm mywebsite]# php app/console fos:user:create yourname youemail yourpasswd --super-admin

请cache后重新打开http://172.16.142.134/app_dev.php/admin,会看到提示登录啦,输入刚才创建的管理员用户名和密码就可以登录啦

本章节的内容是和官方文档有所不同的,经过我的尝试以及网上的一些说法也都表示sonata官方文档里的方法是有问题的,达不到想要的目的而且会报错,按照我上面试验过的方法是可行的

至此,你的管理后台就有权限控制了,不会被其他人篡改,可以尽情发布了