SonataAdmin: Prevent Admin From Deleting His Own Account
I am using SonataAdmin for a Symfony 2 project. Sometimes an admin user may accidentally delete his own account.
How can I prevent an admin user from deleting his own account?
Thanks!
To prevent an admin from deleting his own account, you need to define your own CRUDController
for the Sonata user by following ADVANCED CONFIGURATION
    admin:                  # Admin Classes
        user:
            class:          Sonata\UserBundle\Admin\Entity\UserAdmin
            controller:     YourUserBundle:CRUD
            translation:    SonataUserBundle
and then in your controller override the batchActionDelete() & deleteAction()
functions. In these functions, check if the request contains the admin object/id, then restrict here.
    // Requires: use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
    public function deleteAction($id)
    {
        $id = $this->get('request')->get($this->admin->getIdParameter());
        $object = $this->admin->getObject($id);

        if (!$object) {
            throw new NotFoundHttpException(sprintf('unable to find the object with id : %s', $id));
        }

        $userid = $this->getUser()->getId(); // get id of logged in user

        // Refuse the delete when the target is the logged-in user's own account
        if ($userid == $id) {
            $this->addFlash(
                'sonata_flash_error',
                'Error you cannot delete your own account'
            );

            return $this->redirectTo($object);
        }

        // other code from base class
    }
Same logic for the batchActionDelete() function.
I am using SonataUserBundle along with FOSUserBundle and I ended up with the following solution.
config.yml:
    parameters:
        sonata.user.admin.user.controller: AppBundle:CRUD\CRUD
AppBundle\Controller\CRUD\CRUDController:
    <?php

    namespace AppBundle\Controller\CRUD;

    use Sonata\AdminBundle\Controller\CRUDController as Controller;
    use Sonata\AdminBundle\Datagrid\ProxyQueryInterface;
    use Symfony\Component\HttpFoundation\RedirectResponse;

    class CRUDController extends Controller
    {
        public function deleteAction($id)
        {
            $request = $this->getRequest();
            $id      = $request->get($this->admin->getIdParameter());
            $object  = $this->admin->getObject($id);

            if (!$object) {
                throw $this->createNotFoundException(sprintf('unable to find the object with id: %s', $id));
            }

            $currentUserId = $this->getUser()->getId(); // ID of the current user

            if ($currentUserId == $id) {
                $this->addFlash(
                    'sonata_flash_error',
                    'You cannot delete your own account.'
                );

                return $this->redirectTo($object);
            }

            return parent::deleteAction($id);
        }

        public function batchActionDelete(ProxyQueryInterface $query)
        {
            $request       = $this->getRequest();
            $currentUserId = $this->getUser()->getId(); // ID of the current user
            $selectedUsers = $query->execute();

            // Abort the whole batch if the current user is among the selected accounts
            foreach ($selectedUsers as $selectedUser) {
                if ($selectedUser->getId() == $currentUserId) {
                    $this->addFlash(
                        'sonata_flash_error',
                        'You cannot delete your own account.'
                    );

                    return new RedirectResponse(
                        $this->admin->generateUrl('list', array('filter' => $this->admin->getFilterParameters()))
                    );
                }
            }

            return parent::batchActionDelete($query);
        }
    }