
Symfony2 Sonata Admin Bundle as 'frontend'

We are running a project which sort of looks like so:

The customers can log in to a control panel in which they can edit information. The information they edited will be pulled via a REST API by other software (this already works in a previous version).

Actually, the base of our application is the same as the SonataAdminBundle. But as far as I know I cannot filter the data viewed in the SonataAdminBundle by which user is logged in.

For example:

  • User1, User2 and User3 are employees of Customer1. They only need to see the data they all added for Customer1.
  • When a new customer Customer2 is added to the system, some users are also created: User10 and User11. They only need to see information about Customer2 and not the information added by Customer1 (and vice versa).

Is this possible by using only the SonataAdminBundle? Or do we have to create our own software which is able to do this?

I know that we have to create all the different many-to-many or one-to-many relations, but that isn't any problem. The main question is: can I filter data by the user that is currently logged in? And when logged in as an admin or super admin, no data filter must be applied.

Thanks in advance!

Yes, it is possible to use only the SonataAdminBundle.

First of all, users access the data through the different list views, so you need to override the createQuery method of your Admin class to display only the right Customer.

(Don't forget to inject the @security.context service.)

public function createQuery($context = 'list')
{
    $query = parent::createQuery($context);

    // admins and super admins see everything; everyone else is limited to their own Customer
    // (both roles must be absent before filtering, so the check is && rather than ||)
    if (!$this->isGranted('ROLE_SUPER_ADMIN') && !$this->isGranted('ROLE_ADMIN'))
    {
        $user = $this->securityContext->getToken()->getUser();

        // your custom query: restrict the root entity to the logged-in user's Customer
        // (assumes the entity has a "customer" association and that User::getCustomer() exists)
        $rootAlias = $query->getRootAliases()[0];
        $query->andWhere($rootAlias . '.customer = :customer');
        $query->setParameter('customer', $user->getCustomer());
    }

    return $query;
}

Then you need to secure all the other actions (show, edit and delete) to prevent users from accessing the other Customers' data.

To do that I override my Controller's actions and I add my own logic before calling the parent method.

public function editAction($id = null)
{
    $securityContext = $this->get('security.context');
    $object = $this->admin->getObject($id);

    // check if the user can access the current customer; admins and super admins are not restricted
    // (getCustomer() on the User and on the edited entity is assumed; a missing object is left to the parent, which raises a 404)
    if ($object && !$securityContext->isGranted('ROLE_ADMIN') && !$securityContext->isGranted('ROLE_SUPER_ADMIN')
        && $object->getCustomer() !== $securityContext->getToken()->getUser()->getCustomer()) {
        throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException();
    }

    return parent::editAction($id);
}

Perhaps there are better methods.
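A fuller version of the second step, added here as an example and not code from the answer or from Sonata: one CRUDController guarding show, edit and delete with a shared check, so that filtering the list query is not the only barrier and an object id belonging to another customer cannot be reached simply by typing its URL. It assumes the User and the managed entity both expose getCustomer(), that Customer has getId(), that the roles are ROLE_ADMIN / ROLE_SUPER_ADMIN as in the answer, and that the action signatures match the installed Sonata 2 version.

```php
<?php
namespace Acme\CustomerBundle\Controller;

use Sonata\AdminBundle\Controller\CRUDController;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

// Assumed data model: User::getCustomer() and the managed entity's getCustomer()
// both return the owning Customer, and Customer::getId() exists.
class CustomerDataController extends CRUDController
{
    /**
     * Throws AccessDeniedException when a non-admin tries to reach an object owned by
     * another customer. Admins and super admins bypass the check. A missing object is
     * left to the parent action, which raises the 404 itself.
     */
    private function denyUnlessSameCustomer($id)
    {
        $securityContext = $this->get('security.context');
        if ($securityContext->isGranted('ROLE_ADMIN') || $securityContext->isGranted('ROLE_SUPER_ADMIN')) {
            return;
        }
        $object = $this->admin->getObject($id);
        if (null === $object) {
            return;
        }
        $user = $securityContext->getToken()->getUser();
        // Compare identifiers rather than instances, since Doctrine may hand back proxies.
        if ($object->getCustomer()->getId() !== $user->getCustomer()->getId()) {
            throw new AccessDeniedException('This record belongs to another customer.');
        }
    }

    public function showAction($id = null)
    {
        $this->denyUnlessSameCustomer($id);
        return parent::showAction($id);
    }

    public function editAction($id = null)
    {
        $this->denyUnlessSameCustomer($id);
        return parent::editAction($id);
    }

    public function deleteAction($id)
    {
        $this->denyUnlessSameCustomer($id);
        return parent::deleteAction($id);
    }
}
```

Register the controller on the admin service (the controller argument of the sonata.admin tag) so Sonata routes these actions to it instead of the default CRUDController.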
