堆栈内存溢出
  简体   繁体   English

Sonata Admin ACL隐藏列表中的元素

[英]Sonata Admin ACL hide element in list

 原文  2017-12-20 17:19:24       php/ symfony/ acl/ sonata-admin

问题描述

After a lot of effort I was finally able to configure Sonata Admin with ACL following this guide: 经过大量的努力,我终于能够按照此指南使用ACL配置Sonata Admin:

https://sonata-project.org/bundles/admin/master/doc/reference/security.html https://sonata-project.org/bundles/admin/master/doc/reference/security.html

I wanted to users to be able to view and edit only items with the same country property as the user. 我希望用户只能查看和编辑与用户具有相同country属性的项目。

This is my config.yml: 这是我的config.yml: 

parameters:
    locale: en
    sonata.user.admin.user.class: AppBundle\Admin\UserAdmin
    sonata.admin.security.mask.builder.class: Sonata\AdminBundle\Security\Acl\Permission\MaskBuilder

# SonataAdminBundle Configuration
sonata_admin:
    security:
        handler: sonata.admin.security.handler.acl

        role_admin: ROLE_ADMIN
        role_super_admin: ROLE_SUPER_ADMIN

        # acl security information
        information:
            GUEST:    [VIEW, LIST]
            STAFF:    [EDIT, LIST, CREATE]
            EDITOR:   [OPERATOR, EXPORT]
            ADMIN:    [MASTER]

        # permissions not related to an object instance and also to be available when objects do not exist
        # the DELETE admin permission means the user is allowed to batch delete objects
        admin_permissions: [CREATE, LIST, DELETE, UNDELETE, EXPORT, OPERATOR, MASTER]

        # permission related to the objects
        object_permissions: [VIEW, EDIT, DELETE, UNDELETE, OPERATOR, MASTER, OWNER]

I created an AclVoter in order to show/hides elements: 我创建了一个AclVoter来显示/隐藏元素: 

services:
    security.acl.voter.country_owned_permissions:
        class: AppBundle\Security\Authorization\Voter\CountryOwnedAclVoter
        arguments:
            - "@security.acl.provider"
            - "@security.acl.object_identity_retrieval_strategy"
            - "@security.acl.security_identity_retrieval_strategy"
            - "@security.acl.permission.map"
            - "@logger"
        tags:
            - { name: monolog.logger, channel: security }
            - { name: security.voter, priority: 255 }
        public: false

This is the actual class: 这是实际的类: 

<?php

namespace AppBundle\Security\Authorization\Voter;

use FOS\UserBundle\Model\UserInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Acl\Voter\AclVoter;

class CountryOwnedAclVoter extends AclVoter
{
    public function supportsClass($class)
    {
        // support the Class-Scope ACL for votes with the custom permission map
        // return $class === 'Sonata\UserBundle\Admin\Entity\UserAdmin' || is_subclass_of($class, 'FOS\UserBundle\Model\UserInterface');
        // if you use php >=5.3.7 you can check the inheritance with is_a($class, 'Sonata\UserBundle\Admin\Entity\UserAdmin');
        // support the Object-Scope ACL
        return is_subclass_of($class, 'AppBundle\Model\CountryOwnedInterface');
    }

    public function supportsAttribute($attribute)
    {
        return in_array($attribute, array(
            'LIST',
            'VIEW',
            'EDIT',
            'DELETE',
            'EXPORT',
        ));
    }

    public function vote(TokenInterface $token, $object, array $attributes)
    {
        if (!$this->supportsClass(get_class($object))) {
            return self::ACCESS_ABSTAIN;
        }

        foreach ($attributes as $attribute) {
            if ($this->supportsAttribute($attribute)) {
                if ($object->getCountry() != $token->getUser()->getCountry()) {
                //if ($object->isSuperAdmin() && !$token->getUser()->isSuperAdmin()) {
                    // deny a non super admin user to edit a super admin user
                    return self::ACCESS_DENIED;
                }
            }
        }

        // use the parent vote with the custom permission map:
        // return parent::vote($token, $object, $attributes);
        // otherwise leave the permission voting to the AclVoter that is using the default permission map
        return self::ACCESS_ABSTAIN;
    }
}

It seems to work fine since a user can only edit items which have the same country as the users. 由于用户只能编辑与用户所在国家/地区相同的项目,因此似乎可以正常工作。 The problem is that he can still view the items in the list. 问题在于他仍然可以查看列表中的项目。

What am I doing wrong? 我究竟做错了什么?

在此处输入图片说明

1 个解决方案

解决方案1
 0 已采纳  2018-01-05 10:26:44

As specified in the official documentation I just needed to install a specific bundle: 按照官方文档中的说明,我只需要安装一个特定的软件包:

5.4.6. 5.4.6。 LIST FILTERING 清单筛选
List filtering using ACL is available as a third party bundle: CoopTilleulsAclSonataAdminExtensionBundle. 使用ACL的列表过滤可作为第三方捆绑包使用:CoopTilleulsAclSonataAdminExtensionBundle。 When enabled, the logged in user will only see the objects for which it has the VIEW right (or superior). 启用后,登录用户将仅看到其具有VIEW权限(或更高权限)的对象。

This will suffice: 这样就足够了: 

composer require tilleuls/acl-sonata-admin-extension-bundle

In AppKernel.php : AppKernel.php 

// ACL list filter
new CoopTilleuls\Bundle\AclSonataAdminExtensionBundle\CoopTilleulsAclSonataAdminExtensionBundle(),

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在sonata管理包中列出图像 - List Images in sonata admin bundle 带有FosUserBundle的Sonata管理员捆绑包列表 - Sonata Admin Bundle List with FosUserBundle 在块中渲染奏鸣曲管理员列表 - Render Sonata admin list in block 在列表视图中自定义下载Sonata Admin - Customize Download in the list view Sonata Admin 在Sonata Admin中编辑列表视图(角色/权限) - Edit in list view (role/permissions) in Sonata Admin 空的Sonata Admin实体列表视图 - Empty Sonata Admin entity list view 在Sonata管理员列表视图中显示不同的实体 - Showing different entities in Sonata Admin list view 列表列的Sonata Admin本地翻译策略 - Sonata Admin local translation strategy for a list column 在奏鸣曲管理列表中渲染图像。 [LiipImagineBundle] - Render image in sonata admin List. [LiipImagineBundle] 如何在Sonata Admin中显示/隐藏某些行的操作 - How to show/hide an action for some rows in Sonata Admin
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM