我开始在 Symfony2.1 应用程序中使用SonataAdminBundle。我开发了所有Admin类,现在我希望添加角色以阻止查看,列表和编辑对这些用户组的操作(例如非管理员用户)。
请注意,我不使用 SonataUserBundle (距离 FOSUserBundle 衍生的),我想使用由奏提供的sonata.admin.security.handler.role安全处理程序:ACL对我的小项目来说太强大了(并且提供了很多开销)。
我自己的 UserBundle 提供了User类和Group类(最后一个用于指定每个用户的角色)。角色层次结构在我的 security.yml 文件中提供,例如:
security:
role_hierarchy:
ROLE_POST_AUTHOR: ROLE_USER
ROLE_ADMIN: [ ROLE_USER, ROLE_POST_AUTHOR]
ROLE_SUPER_ADMIN: [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
现在,我通过指定安全处理程序
来配置config.yml文件sonata_admin:
security:
handler: sonata.admin.security.handler.role
在official docs更加专注于如何使用ACL和SonataUserBundle,所以我不知道怎么我的角色从的 security.yml 的与SonataAdminBundle链接。
PS:类似的问题是:SonataAdminBundle Security roles。
答案 0 :(得分:16)
尝试使用ROLE_<service.name>_<RIGHT>
<service.name>是您的奏鸣曲管理服务名称的UPPER-CASE-ed和DOT-REPLACED-BY-UNDERSCORE版本<RIGHT>是(reference)之一:
CREATE DELETE EDIT LIST VIEW EXPORT OPERATOR MASTER 以下是我的 security.yml :
的摘录role_hierarchy:
ROLE_MANAGER:
- ROLE_USER
- ROLE_SONATA_STUFF # have no effect on the UI
- ROLE_SONATA_ADMIN # with this role you have a nice navbar with search box
# user
- ROLE_SONATA_ADMIN_USER_LIST
- ROLE_SONATA_ADMIN_USER_VIEW
# product
- ROLE_SONATA_ADMIN_PRODUCT_LIST
- ROLE_SONATA_ADMIN_PRODUCT_VIEW
- ROLE_SONATA_ADMIN_PRODUCT_EDIT
# product category
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_LIST
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_VIEW
ROLE_ADMIN:
- ROLE_SONATA_ADMIN # with this role you have a nice navbar with search box
# user
- ROLE_SONATA_ADMIN_USER_CREATE
- ROLE_SONATA_ADMIN_USER_DELETE
- ROLE_SONATA_ADMIN_USER_EDIT
- ROLE_SONATA_ADMIN_USER_LIST
- ROLE_SONATA_ADMIN_USER_VIEW
- ROLE_SONATA_ADMIN_USER_EXPORT
- ROLE_SONATA_ADMIN_USER_OPERATOR
- ROLE_SONATA_ADMIN_USER_MASTER
# product
- ROLE_SONATA_ADMIN_PRODUCT_CREATE
- ROLE_SONATA_ADMIN_PRODUCT_DELETE
- ROLE_SONATA_ADMIN_PRODUCT_EDIT
- ROLE_SONATA_ADMIN_PRODUCT_LIST
- ROLE_SONATA_ADMIN_PRODUCT_VIEW
- ROLE_SONATA_ADMIN_PRODUCT_EXPORT
- ROLE_SONATA_ADMIN_PRODUCT_OPERATOR
- ROLE_SONATA_ADMIN_PRODUCT_MASTER
# product category
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_CREATE
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_DELETE
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_EDIT
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_LIST
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_VIEW
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_EXPORT
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_OPERATOR
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_MASTER
# purchase
- ROLE_SONATA_ADMIN_PURCHASE_CREATE
- ROLE_SONATA_ADMIN_PURCHASE_DELETE
- ROLE_SONATA_ADMIN_PURCHASE_EDIT
- ROLE_SONATA_ADMIN_PURCHASE_LIST
- ROLE_SONATA_ADMIN_PURCHASE_VIEW
- ROLE_SONATA_ADMIN_PURCHASE_EXPORT
- ROLE_SONATA_ADMIN_PURCHASE_OPERATOR
- ROLE_SONATA_ADMIN_PURCHASE_MASTER
# payment
- ROLE_SONATA_ADMIN_PAYMENT_CREATE
- ROLE_SONATA_ADMIN_PAYMENT_DELETE
- ROLE_SONATA_ADMIN_PAYMENT_EDIT
- ROLE_SONATA_ADMIN_PAYMENT_LIST
- ROLE_SONATA_ADMIN_PAYMENT_VIEW
- ROLE_SONATA_ADMIN_PAYMENT_EXPORT
- ROLE_SONATA_ADMIN_PAYMENT_OPERATOR
- ROLE_SONATA_ADMIN_PAYMENT_MASTER
# notification: email template
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_CREATE
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_DELETE
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_EDIT
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_LIST
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_VIEW
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_EXPORT
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_OPERATOR
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_MASTER
ROLE_SUPER_ADMIN:
- ROLE_ADMIN
- ROLE_ALLOWED_TO_SWITCH
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_SONATA_ADMIN }
以下是我的 @ AdminBundle / Resources / config / service.yml 的片段(此处只有服务名称相关):
sonata.admin.user:
class: Acme\AdminBundle\Admin\UserAdmin
tags:
- { name: sonata.admin, manager_type: orm, group: "User", label: "User" }
arguments:
- ~
- Acme\UserBundle\Entity\User
- ~
calls:
- [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.product:
class: Acme\AdminBundle\Admin\ProductAdmin
tags:
- { name: sonata.admin, manager_type: orm, group: "Store", label: "Product" }
arguments:
- ~
- Acme\StoreBundle\Entity\Product
- ~
calls:
- [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.product_category:
class: Acme\AdminBundle\Admin\ProductCategoryAdmin
tags:
- { name: sonata.admin, manager_type: orm, group: "Store", label: "Category" }
arguments:
- ~
- Acme\StoreBundle\Entity\ProductCategory
- ~
calls:
- [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.purchase:
class: Acme\AdminBundle\Admin\PurchaseAdmin
tags:
- { name: sonata.admin, manager_type: orm, group: "Store", label: "Purchase" }
arguments:
- ~
- Acme\StoreBundle\Entity\Purchase
- ~
calls:
- [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.payment:
class: Acme\AdminBundle\Admin\PaymentAdmin
tags:
- { name: sonata.admin, manager_type: orm, group: "Payment", label: "Payment" }
arguments:
- ~
- Acme\PaymentBundle\Entity\Payment
- ~
calls:
- [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.notification.email_template:
class: Acme\AdminBundle\Admin\Notification\EmailTemplateAdmin
tags:
- { name: sonata.admin, manager_type: orm, group: "Notification", label: "Email Template" }
arguments:
- ~
- Acme\NotificationBundle\Entity\EmailTemplate
- ~
calls:
- [ setTranslationDomain, [AcmeAdminBundle]]