Is it possible to manage permissions only on specific entries in a table with FOS User / Sonata / Symfony?

Question

I'm actually making a small application that aim to show the capacity of the Admin Generator Sonata. For the moment, I can show tables from PostGIS using Doctrine, edit them, filter them. I also added FOS User into my Admin Bundle, so that I can handle roles.

For example, I have three tables in my admin interface. The user 1 can only see and edit the first table. The user 2 can see all the tables but can only edit the 2 and 3.

This is working. But now, I want to go further; but I don't know if this is possible.

I'll write you what I have in mind :

I want the user 1, when he is editing the table 1, to only be able to edit specific entries. For example, the table has 4 entries with an ID field (1, 2 ,3 ,4). Is it possible to allows an user to see al the entries, but only edit the fields from the entries that has 1 as value of its ID field.

I hope I am clear enough :-/. If not, I'll try to design it quickly on paint (:Ð) and post it there so maybe it will be clearer. If this is possible, any tips or example ? Thanks by advance :-) !

Vince

Answer 1

You can use ACLs to manage this kind of permissions.

The role-permission model is not really suited for that kind of task.

More information about ACLs can be found in the documentation chapters:

How to use Access Control Lists (ACLs)

How to use Advanced ACL Concepts

Further information about the implementation can be found in the SonataAdminbundle docs:

Sonata -> Admin -> Documentation -> Security