Sonata Admin: Let users only edit entities they own (ACL)
I have Sonata Admin set up with ACLs. I have different users, groups and permissions which work fine. To achieve this, I followed the Sonata Admin documentation on ACLs.
So here is my question: What is a clean way to ensure that backend (admin) users can only view, edit and delete the entities they created with Symfony's and Sonata Admin's built-in ACL mechanisms? Sonata Admin automatically stores the owner (creator) of the object once it is persisted in the ACL tables (from the Sonata docs):
Owner: when an object is created, the currently logged in user is set as owner for that object and is granted all access for that object;
The same question has already been answered on Stack Overflow, but the answer does not explain in detail how to solve it with ACLs.
There is a new Symfony bundle doing just that: https://github.com/coopTilleuls/CoopTilleulsAclSonataAdminExtensionBundle
All you need to do is enable ACL in Sonata Admin, install the bundle and activate it. Pretty easy and effective, I use it in my Symfony2 project with Sonata Admin 2.2.
I saw 2 ways to do that:
CreateQuery()
I was not able to do any of these for doing the very simple thing that I needed, but I think this is the idea.
Actually this is one of many Symfony things on which I spent many hours and thousands of lines of code without big success... Such simple needs should not be as much pain in the arse...
Don't grant the EDIT permission to the users. They can edit the instances they own but not others' instances.
I use this configuration:
# app/config/config.yml
sonata_admin:
    security:
        information:
            STAFF: [VIEW, LIST, CREATE]
            EDITOR: [OPERATOR, EXPORT]
            ADMIN: [MASTER]
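
The effect of the configuration above, as an added example (a simplified Python model, not code from the post or from Sonata Admin): class-scope role entries are combined with the object-scope OWNER entry the creator receives. The users alice and bob, the object ids and the mask hierarchy are assumptions made for the illustration.

```python
# Simplified model (assumptions: grant-only ACEs, no deny entries, no ordering).
# Masks that satisfy a requested permission, assumed to follow Symfony's
# permission hierarchy: OWNER > MASTER > OPERATOR > basic permissions.
def granting_masks(permission):
    if permission == "OWNER":
        return {"OWNER"}
    if permission == "MASTER":
        return {"MASTER", "OWNER"}
    if permission == "OPERATOR":
        return {"OPERATOR", "MASTER", "OWNER"}
    if permission in ("LIST", "EXPORT"):  # assumed to be standalone
        return {permission}
    masks = {permission, "OPERATOR", "MASTER", "OWNER"}
    if permission == "VIEW":
        masks.add("EDIT")  # holding EDIT implies VIEW
    return masks

# Class-scope entries: the role -> permissions map from the config.yml above.
ANSWER_CONFIG = {
    "STAFF": {"VIEW", "LIST", "CREATE"},
    "EDITOR": {"OPERATOR", "EXPORT"},
    "ADMIN": {"MASTER"},
}

class Acl:
    def __init__(self, class_aces):
        self.class_aces = class_aces
        self.object_aces = {}  # object id -> {username: set of masks}

    def create(self, object_id, creator):
        # The creator receives an object-scope OWNER entry for the new object.
        self.object_aces.setdefault(object_id, {})[creator] = {"OWNER"}

    def is_granted(self, username, roles, permission, object_id):
        held = set(self.object_aces.get(object_id, {}).get(username, ()))
        for role in roles:
            held |= self.class_aces.get(role, set())
        return bool(held & granting_masks(permission))

def scenario(class_aces):
    """alice and bob (constructed users) hold STAFF and each own one object."""
    acl = Acl(class_aces)
    acl.create("post:1", "alice")
    acl.create("post:2", "bob")
    check = lambda perm, obj: acl.is_granted("alice", ["STAFF"], perm, obj)
    return {"edit_own": check("EDIT", "post:1"), "delete_own": check("DELETE", "post:1"),
            "edit_other": check("EDIT", "post:2"), "view_other": check("VIEW", "post:2")}

if __name__ == "__main__":
    print("answer's config:", scenario(ANSWER_CONFIG))
    weak = dict(ANSWER_CONFIG, STAFF={"EDIT", "LIST", "CREATE"})  # constructed variant
    print("STAFF with EDIT:", scenario(weak))
```

In this model a STAFF user can edit and delete only the objects they created, while VIEW, being granted at class scope, still applies to objects owned by others.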