Symfony2 SonataAdmin: “Access Denied” Exception when trying to extend SonataUserAdmin

Question

I need to extend SonataUser to set a field called isAdmin to true when a user is being created from the backend. I have different User groups for ADMIN => (can create admin users and perform CRUD on other entities) and STAFF => (can perform CRUD on other entities). Customers register from the frontend.

Both backend_users (STAFF) and customers are instances of the User entity, which extends SonataUser.

---

Till now I was using the default User and Group Admin classes. Here is how my app/config/config.yml looked

...app/config/config.yml...
            users:
                label: Users
                items: [ sonata.user.admin.user ]
            groups:
                label: Groups
                items: [sonata.user.admin.group]
...

It worked fine for me.

Now I needed to customize the default implementation so I copied the code from Sonata/UserBundle/User/BaseUser.php to <my namespace>/AdminBundle/Admin/BackendUser.php I created the new service and mapped it in config.yml

...app/config/config.yml...
            users:
                label: Users
                items: [ gd_admin.backend_user ]
            groups:
                label: Groups
                items: [sonata.user.admin.group]
...


...GD/AdminBundle/Resources/services.yml...
parameters:
    gd_admin.backend_user.class: GD\AdminBundle\Admin\BackendUserAdmin
..
services:
    gd_admin.backend_user:
        class: %gd_admin.backend_user.class%
        tags:
            - { name: sonata.admin, manager_type: orm, label: Backend User } 
        arguments: [null, GD\AdminBundle\Entity\User, null]
        # NOTE: No group defined in tags
...

Earlier I had granted the following roles my ADMIN Group:

        'ROLE_SONATA_USER_ADMIN_USER_EDIT',
        'ROLE_SONATA_USER_ADMIN_USER_LIST',
        'ROLE_SONATA_USER_ADMIN_ USER _CREATE',
        'ROLE_SONATA_USER_ADMIN_ USER _VIEW',
        'ROLE_SONATA_USER_ADMIN_ USER _DELETE',
        'ROLE_SONATA_USER_ADMIN_ USER _OPERATOR',
        'ROLE_SONATA_USER_ADMIN_ USER _MASTER',
Now they are:
        'ROLE_GD_ADMIN_BACKEND_USER_EDIT',
        'ROLE_GD_ADMIN_BACKEND_USER_LIST',
        'ROLE_GD_ADMIN_BACKEND_USER_CREATE',
        'ROLE_GD_ADMIN_BACKEND_USER_VIEW',
        'ROLE_GD_ADMIN_BACKEND_USER_DELETE',
        'ROLE_GD_ADMIN_BACKEND_USER_OPERATOR',
        'ROLE_GD_ADMIN_BACKEND_USER_MASTER',

---

When I log into my admin/dashboard I am able to see the BackendUser in Admin Dashboard widget. But when I click on the "List" or "Add new" I get a 403: Access Denied Exception.

Where am I going wrong?

Thanks, Amit

Answer 1

I don't think you have to mess around with the BaseUser class from the sonata user bundle.

Instead you could create a new admin crud in your own bundle based on the sonata user admin crud (Sonata\\UserBundle\\Admin\\Document\\UserAdmin) and extend it with a prePersist() method to set isAdmin to true:

public function prePersist($object)
{
  $object->setIsAdmin(true);
}

prePersist is actually a hook that is called before persisting a new entity.