SonataAdmin: Prevent Admin From Deleting His Own Account
I am using SonataAdmin in a Symfony 2 project. Sometimes an admin user may accidentally delete his own account. How can I prevent an admin user from deleting his own account? Thanks!
To prevent an admin from deleting his own account, you need to define your own CRUDController for the Sonata user, following ADVANCED CONFIGURATION:
admin: # Admin Classes
    user:
        class: Sonata\UserBundle\Admin\Entity\UserAdmin
        controller: YourUserBundle:CRUD
        translation: SonataUserBundle
Then override the batchActionDelete() and deleteAction() functions in your controller; in those functions check whether the request contains the admin's own object/id and restrict it there.
public function deleteAction($id)
{
    $id = $this->get('request')->get($this->admin->getIdParameter());
    $object = $this->admin->getObject($id);
    if (!$object) {
        throw new NotFoundHttpException(sprintf('unable to find the object with id : %s', $id));
    }
    $userid = $this->getUser()->getId(); // get id of logged in user
    if ($userid == $id) {
        $this->addFlash(
            'sonata_flash_error',
            'Error you cannot delete your own account'
        );
        return $this->redirectTo($object);
    }
    return parent::deleteAction($id); // other code from base class
}
The batchActionDelete() function uses the same logic.
I use SonataUserBundle together with FOSUserBundle and ended up with the following solution.
config.yml:
parameters:
    sonata.user.admin.user.controller: AppBundle:CRUD\CRUD
AppBundle\Controller\CRUD\CRUDController:
<?php
namespace AppBundle\Controller\CRUD;

use Sonata\AdminBundle\Controller\CRUDController as Controller;
use Sonata\AdminBundle\Datagrid\ProxyQueryInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;

class CRUDController extends Controller
{
    public function deleteAction($id)
    {
        $request = $this->getRequest();
        $id = $request->get($this->admin->getIdParameter());
        $object = $this->admin->getObject($id);
        if (!$object) {
            throw $this->createNotFoundException(sprintf('unable to find the object with id: %s', $id));
        }
        $currentUserId = $this->getUser()->getId(); // ID of the current user
        if ($currentUserId == $id) {
            $this->addFlash(
                'sonata_flash_error',
                'You cannot delete your own account.'
            );
            return $this->redirectTo($object);
        }
        return parent::deleteAction($id);
    }

    public function batchActionDelete(ProxyQueryInterface $query)
    {
        $currentUserId = $this->getUser()->getId(); // ID of the current user
        $selectedUsers = $query->execute();
        foreach ($selectedUsers as $selectedUser) {
            if ($selectedUser->getId() == $currentUserId) {
                $this->addFlash(
                    'sonata_flash_error',
                    'You cannot delete your own account.'
                );
                return new RedirectResponse(
                    $this->admin->generateUrl('list', array('filter' => $this->admin->getFilterParameters()))
                );
            }
        }
        return parent::batchActionDelete($query);
    }
}
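Both answers above duplicate the "is this me?" check inside two controller actions and compare the request-supplied id with `==`. The following is an added example, not code from either answer or from SonataAdminBundle: a framework-independent guard that both deleteAction() and batchActionDelete() could delegate to, so the rule is written once and can be unit-tested without booting Symfony. The class and method names (SelfDeletionGuard, targetsCurrentUser, batchTargetsCurrentUser, DemoUser) are hypothetical, and the sample ids are constructed.

```php
<?php
// Added example, not part of the original answers or of SonataAdminBundle.
// SelfDeletionGuard, DemoUser and the ids below are hypothetical/constructed.
declare(strict_types=1);

final class SelfDeletionGuard
{
    /**
     * True when the id taken from the request refers to the logged-in user.
     * The request id arrives as a string; it is validated as an integer first so
     * that the comparison is strict and a non-numeric value can never match.
     *
     * @param mixed $requestedId raw value from the request
     */
    public static function targetsCurrentUser(int $currentUserId, $requestedId): bool
    {
        $validated = filter_var($requestedId, FILTER_VALIDATE_INT);
        if ($validated === false) {
            // Not an integer id: let the normal "object not found" path handle it.
            return false;
        }
        return $validated === $currentUserId;
    }

    /**
     * For a batch delete: true if any selected user is the current user.
     * $selectedUsers is any iterable of objects exposing getId(), such as the
     * result of $query->execute() in the controller above.
     */
    public static function batchTargetsCurrentUser(int $currentUserId, iterable $selectedUsers): bool
    {
        foreach ($selectedUsers as $user) {
            if ((int) $user->getId() === $currentUserId) {
                return true;
            }
        }
        return false;
    }
}

// Minimal stand-in for the user entity, constructed for this example only.
final class DemoUser
{
    /** @var int */
    private $id;

    public function __construct(int $id)
    {
        $this->id = $id;
    }

    public function getId(): int
    {
        return $this->id;
    }
}

// Constructed sample data: the logged-in admin has id 7.
$currentUserId = 7;

// Single delete: the id parameter comes from the request as a string.
var_dump(SelfDeletionGuard::targetsCurrentUser($currentUserId, '7'));
var_dump(SelfDeletionGuard::targetsCurrentUser($currentUserId, '12'));
var_dump(SelfDeletionGuard::targetsCurrentUser($currentUserId, '7abc'));

// Batch delete: the selection contains the current user in the middle.
$batch = [new DemoUser(3), new DemoUser(7), new DemoUser(9)];
var_dump(SelfDeletionGuard::batchTargetsCurrentUser($currentUserId, $batch));
var_dump(SelfDeletionGuard::batchTargetsCurrentUser($currentUserId, [new DemoUser(3)]));
```

In the controller, `deleteAction()` would call `SelfDeletionGuard::targetsCurrentUser($this->getUser()->getId(), $id)` and `batchActionDelete()` would call `batchTargetsCurrentUser(...)` on `$query->execute()`, keeping the flash message and redirect exactly as in the answers. Validating the request id before comparing avoids relying on PHP's loose `==` between an integer and a string, whose rules differ between PHP 7 and PHP 8 for values such as `'7abc'`.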