我正在尝试使用sfGuardPlugin 5.0.0在Symfony 1.4上开发的应用程序中配置一些安全性。
要求说管理员用户可以做所有事情,而查看者只能列出和查看记录。
这是我在模块的目录配置中使用的 security.yml:
index:
is_secure: true
credentials: [[ admin, viewer ]]
show:
is_secure: true
credentials: [[ admin, viewer ]]
all:
is_secure: true
credentials: [ admin ]
但是我不知道为什么当我尝试为查看器执行允许的操作之一时,它以消息"不允许"停止。
下面是堆栈跟踪:
1 sfPatternRouting Connect sfRoute "sf_guard_signin" (/guard/login)
2 sfPatternRouting Connect sfRoute "sf_guard_signout" (/guard/logout)
3 sfPatternRouting Match route "homepage" (/) for / with parameters
array ( 'module' => 'strain', 'action' => 'index',)
4 sfFilterChain Executing filter "sfRenderingFilter"
5 sfFilterChain Executing filter "sfBasicSecurityFilter"
6 Doctrine_Connection_Mysql exec : SET NAMES 'UTF8' - ()
7 Doctrine_Connection_Statement execute : SELECT s.id AS s__id, s.first_name AS
s__first_name, s.last_name AS s__last_name, s.email_address AS s__email_address, s.username
AS s__username, s.algorithm AS s__algorithm, s.salt AS s__salt, s.password AS s__password,
s.is_active AS s__is_active, s.is_super_admin AS s__is_super_admin, s.last_login AS
s__last_login, s.avatar AS s__avatar, s.token AS s__token, s.notify_new_order AS
s__notify_new_order, s.notify_ready_order AS s__notify_ready_order, s.initials AS
s__initials, s.created_at AS s__created_at, s.updated_at AS s__updated_at FROM sf_guard_user
s WHERE (s.id = ?) LIMIT 1 - (25)
8 sfBasicSecurityFilter Action "strain/index" requires credentials
"[admin, viewer]", forwarding to "sfGuardAuth/secure"
9 sfFilterChain Executing filter "sfRenderingFilter"
10 sfFilterChain Executing filter "InboxFilter"
11 Doctrine_Connection_Statement execute : DELETE FROM notification WHERE
(status = ? AND updated_at < ?) - (2, 2012-05-19 14:21:05)
12 sfFilterChain Executing filter "sfExecutionFilter"
13 sfGuardAuthActions Call "sfGuardAuthActions->executeSecure()"
14 sfPHPView Render "sf_app_dir/modules/sfGuardAuth/templates/secureSuccess.php"
15 main Call "sfGuardAuth->executeSignin_form()"
16 sfPartialView Render "sf_app_dir/modules/sfGuardAuth/templates/_signin_form.php"
17 main Set slot "error_message"
18 sfPHPView Decorate content with "sf_app_dir/templates/login.php"
19 sfPHPView Render "sf_app_dir/templates/login.php"
20 main Get slot "error_message"
21 sfWebResponse Send status "HTTP/1.1 403 Forbidden"
22 sfWebResponse Send header "Content-Type: text/html; charset=utf-8"
有什么线索吗?
最后我发现了问题,不是应用程序要求两个凭据,问题是 Symfony 正在查看表权限,而我正在使用该组。
非常感谢您的所有回答。
根据堆栈跟踪,用户需要同时拥有admin和viewer凭据。
如果不是这种情况,错误应该是(注意[[&]]):
操作"应变/索引"需要凭据"[[admin,viewer]]",转发到"sfGuardAuth/secure"
重新检查您的 security.yml 或将完整文件粘贴到您的问题中。