
Roles for Sonata Admins

I am making use of SonataAdminBundle without SonataUserBundle, but with FOSUserBundle only. The reason is because I use Symfony 3, and SonataUserBundle doesn't work there.

Now, I have 24 Admin services. I need to modify only one Admin Class so that users can't create new users and that they can't modify other users' profiles. Only Super Admin is able to do that.

But does that mean that I have to write 24 Admins' roles out like this?

ROLE_OPTICKS_ACCESS:
    - ROLE_SONATA_ADMIN_FOO_LIST
    - ROLE_SONATA_ADMIN_FOO_VIEW
    - ROLE_SONATA_ADMIN_FOO_CREATE
    - ROLE_SONATA_ADMIN_FOO_EDIT
    - ROLE_SONATA_ADMIN_FOO_DELETE
    - ROLE_SONATA_ADMIN_FOO_EXPORT

I will then end up with about 144 of these lines in my security.yml. And then I can remove the two lines that say ROLE_SONATA_ADMIN_USER_CREATE and ROLE_SONATA_ADMIN_USER_EDIT and then still figure out a way to make it only possible for a user to edit his own profile.

Can anybody assist? Is this the best way to do it? Am I doing it right?

Because I was just thinking of something like this;

protected function configureRoutes(RouteCollection $collection)
{
    $securityContext = $this->getConfigurationPool()->getContainer()->get('security.authorization_checker');

    if (!$securityContext->isGranted('ROLE_SUPER_ADMIN')) {
        $collection->remove('create');
        $collection->remove('edit');
    }
}

But apparently I'm doing it the wrong way around, and I get an error as well saying;

The token storage contains no authentication token. One possible reason may be that there is no firewall configured for this URL

Please, I desperately need help.

You may implement your own security handler

sonata_admin:
    security:
        handler: app.security.handler

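This is a service, and you have to implement your own isGranted method

public function isGranted(AdminInterface $admin, $attributes, $object = null)
{
    // One coarse role covers every action (LIST, VIEW, CREATE, EDIT, ...) on FooAdmin.
    if ($admin instanceof FooAdmin) {
        return $this->securityChecker->isGranted("ROLE_SONATA_ADMIN_FOO");
    }
    // Sketch only: any other admin falls through here and gets null, which denies access.
}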

In this way anyone who has a ROLE_SONATA_ADMIN_FOO role will be able to do anything with FooAdmin. It's just a sketch, of course, you may implement more complex logic.
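
A fuller handler for the case in the question, as an added example (not code from the answer or from Sonata): super admins get everything, ROLE_OPTICKS_ACCESS opens the other admins without per-action roles, and on the user admin everyone else may only list, view and edit their own record. The AppBundle namespace, the UserAdmin class name and the policy itself are assumptions; the class is registered as the app.security.handler service with security.authorization_checker and security.token_storage injected.

```php
<?php
// Added example: AppBundle\* names and the role policy are assumptions.
namespace AppBundle\Security;

use AppBundle\Admin\UserAdmin; // hypothetical admin class for the user entity
use FOS\UserBundle\Model\UserInterface;
use Sonata\AdminBundle\Admin\AdminInterface;
use Sonata\AdminBundle\Security\Handler\SecurityHandlerInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;

class AdminSecurityHandler implements SecurityHandlerInterface
{
    private $checker;
    private $tokens;
    public function __construct(AuthorizationCheckerInterface $checker, TokenStorageInterface $tokens)
    {
        $this->checker = $checker;
        $this->tokens = $tokens;
    }
    public function isGranted(AdminInterface $admin, $attributes, $object = null)
    {
        try {
            if ($this->checker->isGranted('ROLE_SUPER_ADMIN')) {
                return true;
            }
            if (!$this->checker->isGranted('ROLE_OPTICKS_ACCESS')) {
                return false; // deny by default
            }
        } catch (AuthenticationCredentialsNotFoundException $e) {
            return false; // no token (the error quoted in the question): deny, don't throw
        }
        if (!$admin instanceof UserAdmin) {
            return true; // one role opens the other admins, no per-action role list
        }
        $me = $this->tokens->getToken()->getUser();
        $own = $object instanceof UserInterface && $me instanceof UserInterface && $object->getId() === $me->getId();
        foreach ((array) $attributes as $attribute) {
            $action = strtoupper($attribute);
            // Allow-list: LIST and VIEW for all, EDIT only on your own record; the rest is denied.
            if (!in_array($action, ['LIST', 'VIEW'], true) && !($action === 'EDIT' && $own)) {
                return false;
            }
        }
        return true;
    }
    // Same role-name pattern as the list in the question, e.g. ROLE_SONATA_ADMIN_FOO_%s.
    public function getBaseRole(AdminInterface $admin) { return 'ROLE_'.str_replace('.', '_', strtoupper($admin->getCode())).'_%s'; }
    public function buildSecurityInformation(AdminInterface $admin) { return []; }
    public function createObjectSecurity(AdminInterface $admin, $object) {}
    public function deleteObjectSecurity(AdminInterface $admin, $object) {}
}
```

The EDIT check here covers the record, not its fields: the user admin's form still decides whether a user can change fields such as roles on their own profile.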
