tourze / doctrine-row-permission-bundle
Doctrine Row Permission Bundle
Installs: 0
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type:symfony-bundle
Requires
- php: ^8.1
- ext-hash: *
- doctrine/common: ^3.5
- doctrine/dbal: ^4.0
- doctrine/doctrine-bundle: ^2.13
- doctrine/orm: ^3.0
- doctrine/persistence: ^3.1 || ^4
- psr/cache: ^1.0|^2.0|^3.0
- psr/log: ^3|^2|^1
- symfony/config: ^6.4
- symfony/console: ^6.4
- symfony/dependency-injection: ^6.4
- symfony/doctrine-bridge: ^6.4
- symfony/framework-bundle: ^6.4
- symfony/http-kernel: ^6.4
- symfony/security-core: ^6.4
- symfony/yaml: ^6.4 || ^7.1
- tourze/doctrine-indexed-bundle: 0.0.*
- tourze/doctrine-snowflake-bundle: 0.1.*
- tourze/doctrine-timestamp-bundle: 0.0.*
- tourze/doctrine-track-bundle: 0.1.*
- tourze/doctrine-user-bundle: 0.0.*
- tourze/easy-admin-attribute: 0.1.*
Requires (Dev)
- phpstan/phpstan: ^2.1
- phpunit/phpunit: ^10.0
This package is auto-updated.
Last update: 2025-05-29 13:20:24 UTC
README
这个 Symfony bundle 用于提供行级别的数据权限控制,作为 RBAC 权限体系的补充,实现对数据的精确控制。
安装
通过 Composer 安装:
composer require tourze/doctrine-row-permission-bundle
功能特点
- 为特定用户授予对特定实体行的访问权限
- 支持多种权限类型:查看、编辑、解除关联
- 支持同时禁止访问特定实体
- 提供查询构建器条件,轻松应用于 Doctrine 查询
- 支持缓存机制,提高性能
配置
在 config/bundles.php
中注册 bundle:
return [ // ... Tourze\DoctrineRowPermissionBundle\DoctrineRowPermissionBundle::class => ['all' => true], ];
使用方法
授予权限
// 通过依赖注入获取服务 use Tourze\DoctrineRowPermissionBundle\Interface\RowPermissionInterface; use Tourze\DoctrineRowPermissionBundle\Interface\PermissionConstantInterface; class YourService { public function grantPermission( RowPermissionInterface $permissionService, User $user, Product $product ): void { // 授予单个实体的权限 $permissionService->grantPermission($user, $product, [ PermissionConstantInterface::VIEW => true, PermissionConstantInterface::EDIT => false, PermissionConstantInterface::UNLINK => false, ]); // 或批量授予权限 $products = $productRepository->findAll(); $permissionService->grantBatchPermissions($user, $products, [ PermissionConstantInterface::VIEW => true, ]); } }
检查权限
// 通过依赖注入获取服务 use Tourze\DoctrineRowPermissionBundle\Interface\RowPermissionInterface; use Tourze\DoctrineRowPermissionBundle\Interface\PermissionConstantInterface; class YourService { public function checkAccess( RowPermissionInterface $permissionService, User $user, Product $product ): bool { // 检查用户是否有查看权限 if ($permissionService->hasPermission($user, $product, PermissionConstantInterface::VIEW)) { return true; } return false; } }
在查询中使用权限过滤
use Tourze\DoctrineRowPermissionBundle\Interface\RowPermissionInterface; use Tourze\DoctrineRowPermissionBundle\Interface\PermissionConstantInterface; class ProductRepository extends ServiceEntityRepository { private RowPermissionInterface $permissionService; public function __construct( ManagerRegistry $registry, RowPermissionInterface $permissionService ) { parent::__construct($registry, Product::class); $this->permissionService = $permissionService; } public function findAllWithPermission(User $user): array { $qb = $this->createQueryBuilder('p'); // 获取权限条件 $conditions = $this->permissionService->getQueryConditions( Product::class, 'p', $user, [PermissionConstantInterface::VIEW] ); // 应用条件到查询构建器 foreach ($conditions as [$operator, $condition, $parameters]) { $qb->andWhere($condition); foreach ($parameters as $name => $value) { $qb->setParameter($name, $value); } } return $qb->getQuery()->getResult(); } }
许可证
MIT