ACL + SonataAdminBundle + SonataUserBundle

Submitted by 魔方 西西 on 2019-12-06 05:47:31
Sir McPotato

Well, after some tweaking I managed to get it working.

First, in my 'sonata.yml' in app/config/ I changed the perms as follows:

app/config/sonata.yml :

sonata_admin:
    security:
        handler: sonata.admin.security.handler.acl

        # acl security information
        information:
            # GUEST:    [VIEW, LIST]
            # STAFF:    [EDIT, LIST, CREATE]
            # EDITOR:   [OPERATOR, EXPORT]
            # ADMIN:    [MASTER]
            EDIT: EDIT
            LIST: LIST
            CREATE: CREATE
            VIEW: VIEW
            DELETE: DELETE
            EXPORT: EXPORT
            MASTER: MASTER

To avoid this...

DEBUG - Access denied, the user is neither anonymous, nor remember-me

... I've commented out the following, because I think the firewall voter blocks access for my user. Maybe not the wisest solution, but it runs well for now :)

app/config/security.yml :

# set access_strategy to unanimous, else you may have unexpected behaviors
# access_decision_manager:
#     strategy: unanimous

Notice that my app is built only around the admin dashboard, so each user needs to have dashboard access when they're created. To that end, I've modified my User constructor like this:

src/Application/Sonata/UserBundle/Entity/User.php :

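<?php

namespace Application\Sonata\UserBundle\Entity;

use Sonata\UserBundle\Entity\BaseUser as BaseUser;

class User extends BaseUser
{
    /**
     * @var integer $id
     */
    protected $id;

    public function __construct() {
        parent::__construct();
        // your own logic
        // Default roles given to every newly created user (dashboard access)
        $this->roles = array('ROLE_USER', 'ROLE_SONATA_ADMIN', 'ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT');
    }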

    /**
     * Get id
     *
     * @return integer $id
     */
    public function getId()
    {
        return $this->id;
    }
}

EDIT : It seems that, without knowing it, I replied to another of your questions ^^" (How can I assign default role to user in Symfony2)

Now each user can access the dashboard but, as in your issue, they cannot see anything.

I needed to use ACL, but, like roles, my users belong to groups which have their own ACL.

Once my user belongs to one or more groups, he gets the groups' permissions in addition to his own permissions.

By managing one group's permissions, each user belonging to this group has his permissions modified. And by editing a user's permissions, I can give him access to some pages that a group won't allow.

For example :

                        ┌─────────────┐
                        │   GROUP_1   │                 ┌───────────────┐
                        ├─────────────┤                 │     USER_1    │
                        │ CAT2_VIEW   │                 │ applied perms │
                        │ CAT2_LIST   │                 ├───────────────┤
                        │ CAT2_EDIT   │                 │ CAT1_VIEW     │
                        │ CAT2_DELETE │                 │ CAT1_LIST     │
                        ├─────────────┤                 ├───────────────┤
                        │ CAT3_VIEW   │  ├────┐         │ CAT2_VIEW     │
┌─────────────┐         │ CAT3_LIST   │       │         │ CAT2_LIST     │
│   USER_A    │         │ CAT3_EDIT   │       │         │ CAT2_EDIT     │
├─────────────┤<────────┤ CAT3_DELETE │       │         │ CAT2_DELETE   │
│ CAT1_VIEW   │         └─────────────┘       │         ├───────────────┤
│ CAT1_LIST   │                               ├────>    │ CAT3_VIEW     │
│             │         ┌─────────────┐       │         │ CAT3_LIST     │
│             │<────────┤   GROUP_2   │       │         │ CAT3_EDIT     │
└─────────────┘         ├─────────────┤       │         │ CAT3_DELETE   │
                        │ CAT4_VIEW   │       │         ├───────────────┤
                        │ CAT4_LIST   │       │         │ CAT4_VIEW     │
                        │ CAT4_EDIT   │  ├────┘         │ CAT4_LIST     │
                        │ CAT4_DELETE │                 │ CAT4_EDIT     │
                        │ CAT4_EXPORT │                 │ CAT4_DELETE   │
                        └─────────────┘                 │ CAT4_EXPORT   │
                                                        └───────────────┘

I managed to make it work this way, like I wanted, but I don't know if this is the best solution for your issue. I hope this will help you :)

PS: If anyone sees any mistake or anything illogical, don't hesitate to tell me in a comment. I'm still learning to use it, and it'll be helpful :)

auipga

The PermissionMap of SonataAdminBundle extends Symfony's BasicPermissionMap. Only if you change this default configuration does the AclVoter support the attributes 'LIST' and 'EXPORT' and can it possibly vote to grant the wanted permissions.

parameters:
    security.acl.permission.map.class: Sonata\AdminBundle\Security\Acl\Permission\AdminPermissionMap

See my answer to AclVoter denies access to 'LIST'
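
The two behaviours described in the answers above (a user's effective permissions being the union of his own and his groups' ACL entries, and a voter that cannot grant 'LIST' or 'EXPORT' unless its permission map knows those attributes), as an added example that is not part of either answer and is not Symfony or Sonata code. It is a dependency-free model: the names `BITS`, `permissionMap`, `mask` and `vote` are hypothetical, the bit values are constructed, and the entries mirror the diagram in the first answer.

```php
<?php
// Added example: simplified model, not Symfony or Sonata code.
// Bit values are constructed for illustration only.
const BITS = ['VIEW' => 1, 'EDIT' => 2, 'DELETE' => 4, 'LIST' => 8, 'EXPORT' => 16];

// The "basic" map knows only core attributes; the "admin" map also knows LIST and EXPORT.
function permissionMap(bool $admin): array
{
    $known = ['VIEW', 'EDIT', 'DELETE'];
    return $admin ? array_merge($known, ['LIST', 'EXPORT']) : $known;
}

// Combine permission names into one bitmask.
function mask(string ...$perms): int
{
    return array_reduce($perms, fn (int $m, string $p) => $m | BITS[$p], 0);
}

// Entries per security identity and per admin ("category"), as in the diagram (constructed data).
$aces = [
    'USER_A'  => ['CAT1' => mask('VIEW', 'LIST')],
    'GROUP_1' => ['CAT2' => mask('VIEW', 'LIST', 'EDIT', 'DELETE'),
                  'CAT3' => mask('VIEW', 'LIST', 'EDIT', 'DELETE')],
    'GROUP_2' => ['CAT4' => mask('VIEW', 'LIST', 'EDIT', 'DELETE', 'EXPORT')],
];

// Abstain on attributes the map does not know; otherwise grant when any of
// the user's identities (himself or one of his groups) holds the bit.
function vote(array $aces, array $identities, string $admin, string $attr, array $map): string
{
    if (!in_array($attr, $map, true)) {
        return 'abstain';
    }
    foreach ($identities as $sid) {
        if (($aces[$sid][$admin] ?? 0) & BITS[$attr]) {
            return 'granted';
        }
    }
    return 'denied';
}

$ids = ['USER_A', 'GROUP_1', 'GROUP_2']; // the user plus the groups he belongs to
$checks = [['CAT1', 'LIST'], ['CAT1', 'EDIT'], ['CAT3', 'DELETE'], ['CAT4', 'EXPORT']];
foreach ($checks as [$cat, $attr]) {
    printf("%-4s %-6s basic=%-8s admin=%s\n", $cat, $attr,
        vote($aces, $ids, $cat, $attr, permissionMap(false)),
        vote($aces, $ids, $cat, $attr, permissionMap(true)));
}
```

Under the unanimous strategy mentioned in the first answer's security.yml comment, an abstention from the only voter that could grant LIST or EXPORT leaves nothing to approve the request, which is why the map class matters.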
