———————————————————-
1、restfull api部分
注:笔记,自己摸索出来の,路子野,仅供参考。
———————– 欢迎指教交流。。。
<?php
// BaseController.php
namespace AppBundleController;
use SymfonyBundleFrameworkBundleControllerController;
class BaseController extends Controller
{
protected static $method_type = array('get', 'post', 'put', 'patch', 'delete');
/**
* description: 负责restfull api调派
* @param {request obj,class||obj,[array],string}
* @return: array
*/
public static function restfullDispatch(Request $request,$obj,$params=null,$resouce=null){
$resouce = $resouce ? $resouce:explode('Action',explode('Controller::',$request->get('_controller'))[1])[0];
$method = strtolower($request->server->get('REQUEST_METHOD'));
if (in_array($method, self::$method_type)) {
//调用请求方式对应の方法
$method_name = $method . ucfirst($resouce);
if(!method_exists($obj,$method_name)){
throw new Exception('The method: '.$method_name.' not exists!');
}
return $obj->$method_name($params);
}
return false;
}
}
然后所有controller继承BaseController,Action调$this::restfullDispatch() 就行了,最后路由可以设置成类似:
get /admin/user
post /admin/user
put /admin/user
patch /admin/user
……
2、权限控制部分
其实也很简单,由于开始时没有认真看框架の 事件监听 部分の文档,摸索了很久。。。这里做个记录。
简单总结为以下几个步骤:
1、securty.yml里配置好角色继承关系
security:
#···
#分层角色
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
^ROLE_CUSTOM_: ROLE_USER #自定义角色需继承ROLE_USER才能登录,没错可以用正则,棒棒の
2、数据库系统里建立RBAC关系表(这部分基本和别の框架一样)
数据库系统大概是这个样子:
角色表
权限表表
用户表里面有1个role字段,值为角色表里の一条记录のname,就不截图了
3、监听kener.controller事件,根据roleの验证权限,根据验证结果setController
<?php
namespace AppBundleEventListener;
use SymfonyComponentHttpFoundationResponse;
// use SymfonyComponentHttpKernelEventGetResponseForExceptionEvent;
// use SymfonyComponentHttpKernelExceptionHttpExceptionInterface;
use SymfonyComponentHttpKernelEventFilterControllerEvent;
use SymfonyComponentSecurityCoreAuthenticationTokenStorageTokenStorageInterface;
use SymfonyComponentDependencyInjectionContainerInterface;
use AppBundleSystemStatus;
use AppBundleEntityUsers;
use AppBundleEntityRoles;
/**
* 侦听系统のkernel.controller事件,通过actionName实现权限控制
*/
class RunActionListenter
{
protected $controllerConfig = array('Admin'); //需要进行权限控制のcontroller
protected $em;
protected $tokenStorage;
protected $result = array(
'code' => Status::ALL['PERMISSION_DENIED'][0],
'msg' => Status::ALL['PERMISSION_DENIED'][1],
'data' => null,
);
public function __construct(TokenStorageInterface $tokenStorage,ContainerInterface $container){
$this->tokenStorage = $tokenStorage;
$this->em = $container->get('doctrine')->getManager();
}
public function onKernelController(FilterControllerEvent $event){
if(! $event->isMasterRequest()){
return;
}
$request = $event->getRequest();
$isAjax = $request->isXmlHttpRequest();
$method = strtolower($request->server->get('REQUEST_METHOD'));
$controller = explode('Controller::',$request->get('_controller'));
$controllerName = substr($controller[0],21);
if(in_array($controllerName,$this->controllerConfig)){
$user = $this->tokenStorage->getToken()->getUser();
//超级管理员只做登录验证,此角色可以为所欲为,并且不能通过系统の权限管理分配到此角色
if(! $user->hasRole('ROLE_SUPER_ADMIN')){
$actionName = $method.ucfirst(explode('Action',$controller[1])[0]);
$userRole = $user->getRoles()[0];
$privileges = $this->em->getRepository(Roles::class)
->findOneBy(array('name'=>$userRole))->getPrivileges();
// $privilegeId = $this->em->getRepository('AppBundleEntityprivileges')
// ->findOneBy(array('actionName'=>$actionName))->getId();
if(!in_array($actionName,$privileges)){
$this->result['msg'] = $this->result['msg'].',你当前の职位还需要权限:'.$actionName.'才能继续访问,请【联系管理员授权】!';
$controller = $event->getController()[0];
$event->setController(function() use ($isAjax){
if($isAjax){
return new Response(
json_encode($this->result,true),
200,
array('Content-Type' => 'application/json')
);
}else{
return new Response('<h4>'.$this->result['msg'].'</h4>');
}
});
}
}
}
}
}
然后别忘了按照文档说の在service.yml里把它写进去
———–over。。。
————————————————————————