管理员将能够编辑他的网站的用户,但不能编辑密码。所以我创造了这个EditUserFormType:Symfony2中同一实体的不同验证规则
namespace CAPUserBundle\Form\Type;
use CAPShopAdminBundle\Repository\DiscountGridRepository;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Form\Extension\Core\Type\TextType;
use Symfony\Component\Form\Extension\Core\Type\EmailType;
use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
use Symfony\Bridge\Doctrine\Form\Type\EntityType;
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
class EditUserType extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder->add('email', EmailType::class);
$builder->add('discountGrid', EntityType::class, array(
'class' => 'CAPShopAdminBundle:DiscountGrid',
'choice_label' => 'name',
'placeholder' => '-- Aucune --',
'required' => false,
'query_builder' => function (DiscountGridRepository $r) {
$qb = $r->createQueryBuilder('d');
$qb->orderBy('d.name', 'ASC');
return $qb;
},
'attr' => array("autocomplete" => "off"),
));
$builder->add('isActive', ChoiceType::class, array(
'choices' => array(
'Actif' => '1',
'Désactivé' => '0'
),
));
$builder->add('name', TextType::class);
$builder->add('firstname', TextType::class);
$builder->add('company', TextType::class);
$builder->add('address', TextType::class);
$builder->add('postcode', TextType::class);
$builder->add('city', TextType::class);
$builder->add('phone', TextType::class);
$builder->add('fax', TextType::class);
$builder->add('save', SubmitType::class);
}
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults([
'data_class' => 'CAPUserBundle\Entity\User',
]);
}
public function getName()
{
return 'edit_user_form';
}
}
但是,当我验证表单,就从我的用户实体plainPassword字段中的错误。
This value should not be blank. edit_user
Symfony\Component\Validator\ConstraintViolation
Object(Symfony\Component\Form\Form).data.plainPassword =
的确,为了强制用户设置时,他正在注册的密码就可以了NotBlank验证约束。
我的问题是:如何绕过这个约束来编辑我的用户? EditUserFormType中没有密码字段,所以plainPassword是无用的。但是我卡住了,因为我使用了设置NotBlank值的相同用户实体。
就目前而言,我强制plainPassord场:
$user->setPlainPassword('[email protected]');
但这是绕过约束一个可怕的方式...
我相信你不能绕过这个约束,因为如果你实现这个逻辑,你的应用程序容易受到CSRF攻击。我不确定Symfony是什么,但大多数网络就绪框架不允许您在没有额外身份验证的情况下更改/编辑重要信息 – A23149577