我发现很难弄清楚如何拒绝某些用户访问网站,这些用户在数据库中的活动设置为false。如何修改当前的logincontroller来检查数据库中的值并抛出一些accessdenied异常?
下面是logincontroller.php
namespace App\Controller\User;
use App\Form\User\LoginType;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Form\FormError;
use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use Twig\Environment;
/**
* @Route("/login", name="login")
*/
final class LoginController extends Controller
{
public function __invoke(
Environment $twig,
FormFactoryInterface $formFactory,
AuthenticationUtils $authenticationUtils
): Response {
if ($this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
return new RedirectResponse('/profile');
}
$form = $formFactory->createNamed('', LoginType::class, [
'email' => $authenticationUtils->getLastUsername(),
]);
if (null !== $error = $authenticationUtils->getLastAuthenticationError(true)) {
$form->addError(new FormError($error->getMessage(), $error->getMessageKey(), $error->getMessageData()));
}
return new Response($twig->render('user/login.html.twig', [
'form' => $form->createView(),
]));
}
}
我的数据库有一个表“user”:
+----+---------+----------------+-----------+------------+--------------------------+--------------------------+------------+-----------+-----------+-----------+------------+----------------------+-------------------------------------+--------------------------------------------------------------+----------------------+-----------------------+------------------------------------------------------------------+--------------+
| id | type_id | upline_user_id | is_active | trainer_id | upline_token | upline_user_token | first_name | last_name | file_name | file_size | updated_at | unread_notifications | credential_email | credential_password | password_reset_token | password_requested_at | confirmation_token | confirmed_at |
+----+---------+----------------+-----------+------------+--------------------------+--------------------------+------------+-----------+-----------+-----------+------------+----------------------+-------------------------------------+--------------------------------------------------------------+----------------------+-----------------------+------------------------------------------------------------------+--------------+
2条答案
按热度按时间d8tt03nd1#
我认为解决办法是:https://symfony.com/doc/current/security/user_checkers.html
取代:https://symfony.com/blog/new-in-symfony-4-1-deprecated-the-advanceduserinterface
9lowa7mx2#
您正在检查用户是否已完全通过身份验证,然后将其重定向到配置文件。在这里,您还可以检查用户是否处于活动状态,如果不是,则抛出异常。我假设您的用户实体有一个isactive()或getactive()getter。