I integrated the Sonata Admin Bundle with ACL, and have the following configs:

sonata_admin:
    security:
        handler: sonata.admin.security.handler.acl
        # acl security information
        information:
            GUEST: [VIEW, LIST]
            MAINTAINER: [EDIT, LIST]
            STAFF: [EDIT, LIST, CREATE]
            EDITOR: [OPERATOR, EXPORT]
            ADMIN: [MASTER]
        # permissions not related to an object instance and also to be available when objects do not exist
        # the DELETE admin permission means the user is allowed to batch delete objects
        admin_permissions: [CREATE, LIST, DELETE, UNDELETE, EXPORT, OPERATOR, MASTER]
        # permission related to the objects
        object_permissions: [VIEW, EDIT, DELETE, UNDELETE, OPERATOR, MASTER, OWNER]

security:
    role_hierarchy:
        ROLE_OPERATOR:
            - ROLE_ADMIN_BOOKING_ADMIN
            - ROLE_ADMIN_PAYMENT_ADMIN

The flow is: we create a booking object via the BookingAdmin class, and in a postPersist Doctrine event listener I create the payment object.
$payment = new Payment();
//... set here
$this->entityManager->persist($payment);
$this->entityManager->flush();
The problem is that in the list I'm not able to see the edit button, but I can delete.
And when I manually run the command:
php bin/console sonata:admin:generate-object-acl
after that I'm able to see the edit button.
What am I doing wrong here? I'm logged in with the same user.
After a bit of research I found the following problem: https://sonata-project.org/bundles/admin/2-3/doc/reference/security.html#acl-and-friendsofsymfony-userbundle
A listener must be implemented that creates the object Access Control List with the required rules if objects are created outside the Admin
What does this mean, and what should I do in the listener to get the correct ACL role?
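
One way to satisfy the documentation requirement quoted above, as an added example that is not part of the original post or of Sonata's own code: create the Payment's object ACL right after it is flushed by calling the admin's `createObjectSecurity()`. The `PaymentFactory` class, its `createFor()` method and the `App\...` namespaces are hypothetical, and the code assumes it runs inside a request with an authenticated user, since the ACL handler is assumed to record the current user as object owner.

```php
<?php
// Added example; class names and namespaces below are hypothetical.
namespace App\Service;

use App\Entity\Booking;
use App\Entity\Payment;
use Doctrine\ORM\EntityManagerInterface;
use Sonata\AdminBundle\Admin\Pool;

final class PaymentFactory
{
    private $entityManager;
    private $adminPool;

    public function __construct(EntityManagerInterface $entityManager, Pool $adminPool)
    {
        $this->entityManager = $entityManager;
        $this->adminPool = $adminPool; // the sonata.admin.pool service
    }

    /** Called from the postPersist listener once the Booking has been saved. */
    public function createFor(Booking $booking): Payment
    {
        $payment = new Payment();
        // ... set the payment fields from $booking here

        $this->entityManager->persist($payment);
        $this->entityManager->flush(); // the ACL object identity needs the generated id

        // Objects saved through the admin get their ACL from the admin's create step;
        // this one bypasses the admin, so the same call is made by hand.
        if (!$this->adminPool->hasAdminByClass(Payment::class)) {
            throw new \LogicException('No Sonata admin is registered for Payment.');
        }
        $admin = $this->adminPool->getAdminByClass(Payment::class);

        // Delegates to the configured security handler (the ACL handler in the
        // config above), which creates the object ACL and its entries.
        $admin->createObjectSecurity($payment);

        return $payment;
    }
}
```
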
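I think you have not specified the allowed actions in enough detail... using only "ROLE_ADMIN_BOOKING_ADMIN" points to the admin... following the documentation, the configuration should be "ROLE_ADMIN_BOOKING_ADMIN_EDIT", for example, to allow that role to edit your admin... write "ROLE_ADMIN_BOOKING_ADMIN_ALL" to allow editing everything...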