
Symfony2 Sonata Admin Bundle as 'frontend'

We are running in a project which sort of looks like so:

The customers can log in to a control panel in which they can edit information. The information they edited will be pulled via a REST API by other software (this already works in a previous version).

Actually, the base of our application is the same as the SonataAdminBundle. But as far as I know I cannot filter data viewed in the SonataAdminBundle by which user is logged in.

For example:

  • User1, User2 and User3 are employees of Customer1. They only need to see the data they all added for Customer1.
  • When a new customer Customer2 is added to the system, some users are also created, User10 and User11. They only need to see information about Customer2 and not the information added by Customer1 (and vice versa).

Is this possible by using only the SonataAdminBundle? Or do we have to create our own software which is able to do this?

I know that we have to create all the different many-to-many or one-to-many relations, but that isn't any problem. The main question is: can I filter data by the user that is currently logged in? And when logged in as an admin or super admin, no data filter must be applied.

Thanks in advance!

Yes it is possible to use only SonataAdminBundle.

First of all, the user accesses data through the different list views, so you need to override the createQuery method of your Admin class to display the right Customer.

(Don't forget to inject @security.context service)

public function createQuery($context = 'list')
{
    $query = parent::createQuery($context);

    // Filter only users who are neither admin nor super admin
    // (with || here, anyone missing just one of the two roles would be filtered too).
    if (!$this->isGranted('ROLE_SUPER_ADMIN') && !$this->isGranted('ROLE_ADMIN'))
    {
        $user = $this->securityContext->getToken()->getUser();

        // your custom query, e.g. restrict to the user's own customer
        // (assumes a `customer` association on the entity and a User::getCustomer() method;
        // ProxyQuery forwards these calls to the Doctrine QueryBuilder)
        $alias = current($query->getRootAliases());
        $query
            ->andWhere($alias . '.customer = :customer')
            ->setParameter('customer', $user->getCustomer())
        ;
    }

    return $query;
}

Then you need to secure all the other actions (show, edit and delete) to prevent the user from accessing the other Customers.

To do that I override my Controller's actions and add my own logic before calling the parent method.

public function editAction($id = null)
{
    // check whether the user may access the current customer's object;
    // if not, throw new AccessDeniedException();

    return parent::editAction($id);
}

Perhaps there are better methods.
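The two pieces of the answer above combined into one working pair of classes, as an added example that is not part of the original answer and not Sonata's own code. It assumes Sonata Admin 2.x on Symfony 2, a hypothetical `Offer` entity with a `customer` association, a `User` entity exposing `getCustomer()`, and `@security.context` injected into the admin through a setter call in the service definition; the `Acme\PanelBundle` namespace and class names are placeholders. The point a practitioner should take from it is that the list filter in `createQuery` only controls what is displayed, so every object-bound action (show, edit, delete) re-checks ownership on the server before delegating to the parent controller.

```php
<?php
// Added example, not from the original answer or from Sonata. Assumed names:
// Acme\PanelBundle, Offer::getCustomer(), User::getCustomer(), Customer::getId().

namespace Acme\PanelBundle\Admin;

use Sonata\AdminBundle\Admin\Admin;
use Symfony\Component\Security\Core\SecurityContextInterface;

class OfferAdmin extends Admin
{
    /** @var SecurityContextInterface */
    private $securityContext;

    // Service definition (services.yml, assumed):
    //   acme.admin.offer:
    //     class: Acme\PanelBundle\Admin\OfferAdmin
    //     arguments: [ ~, Acme\PanelBundle\Entity\Offer, AcmePanelBundle:OfferAdmin ]
    //     calls: [ [ setSecurityContext, [ "@security.context" ] ] ]
    public function setSecurityContext(SecurityContextInterface $securityContext)
    {
        $this->securityContext = $securityContext;
    }

    // Returns null when no filter applies (admin or super admin), otherwise the
    // customer the current user is restricted to. Checking both roles keeps the
    // bypass correct even without a role hierarchy making SUPER_ADMIN imply ADMIN.
    public function getRestrictedCustomer()
    {
        if ($this->securityContext->isGranted('ROLE_ADMIN')
            || $this->securityContext->isGranted('ROLE_SUPER_ADMIN')) {
            return null;
        }

        $user = $this->securityContext->getToken()->getUser();

        return $user->getCustomer(); // assumed method on the User entity
    }

    public function createQuery($context = 'list')
    {
        $query = parent::createQuery($context);
        $customer = $this->getRestrictedCustomer();

        if (null !== $customer) {
            // ProxyQuery forwards unknown calls to the Doctrine QueryBuilder.
            $alias = current($query->getRootAliases());
            $query
                ->andWhere($alias . '.customer = :customer')
                ->setParameter('customer', $customer);
        }

        return $query;
    }
}

namespace Acme\PanelBundle\Controller;

use Sonata\AdminBundle\Controller\CRUDController;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class OfferAdminController extends CRUDController
{
    // The filtered list does not stop a user from requesting /offer/42/edit
    // directly, so each object-bound action re-checks ownership here.
    private function denyUnlessOwned($id)
    {
        $customer = $this->admin->getRestrictedCustomer();
        if (null === $customer) {
            return; // admins and super admins see everything
        }

        $object = $this->admin->getObject($id);

        // A missing object and another customer's object get the same response,
        // so the check does not reveal which ids exist.
        if (!$object || $object->getCustomer()->getId() !== $customer->getId()) {
            throw new AccessDeniedException();
        }
    }

    public function showAction($id = null)
    {
        $this->denyUnlessOwned($id);

        return parent::showAction($id);
    }

    public function editAction($id = null)
    {
        $this->denyUnlessOwned($id);

        return parent::editAction($id);
    }

    public function deleteAction($id)
    {
        $this->denyUnlessOwned($id);

        return parent::deleteAction($id);
    }
}
```

The controller is wired to the admin through the third constructor argument of the admin service (the `AcmePanelBundle:OfferAdmin` controller name shown in the comment). Keeping the role check in one method on the admin means the list filter and the per-object checks can never drift apart, which is the failure mode to watch for when the two are maintained separately.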

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM