我需要创建一个新的ROLE作为ROLE_ERECTA_TASK_ADMIN,但我不知道如何,我必须在Sonata管理界面中声明它的位置? 我使用Sonata Bundle来管理我的用户组角色,现在我只有一些ROLES,但我想创建一些其他形式的Bundles。
我的security.yml
role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
# PROTEZIONE MODULO TASK
ROLE_ERECTA_TASK_ADMIN: [ROLE_ERECTA_TASK_USER]
ROLE_ERECTA_TASK_SA: [ROLE_ERECTA_TASK_ADMIN, ROLE_ALLOWED_TO_SWITCH]
SONATA:
- ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are using acl then this line must be commented
Sonata Admin用户经理:
提前致谢。
答案 0 :(得分:2)
我建议您在formMapper中手动设置角色,如下所示:
$formMapper->with('Roles')
->add('roles', 'choice',
array('choices'=>
array('ROLE_SUPER_ADMIN' => 'ROLE_SUPER_ADMIN', 'ROLE_...' => 'ROLE_...'),
'expanded'=> true,
'multiple'=> true))
->end();
同时为您的角色添加ROLE_ADMIN
和ROLE_SONATA_ADMIN
。
答案 1 :(得分:1)
还有另一种快速解决方法来添加角色。只需编辑security.yml
并将角色添加到ROLE_SUPER_ADMIN。
role_hierarchy:
...
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH, ROLE_FOO, ROLE_BAR, ...]
答案 2 :(得分:0)
为了实现更灵活的实现,还可以覆盖vendor / sonata-project / user-bundle / Security / EditableRolesBuilder.php。
不要直接编辑此文件,而是通过bundle继承或覆盖服务sonata.user.editable_role_builder来注入自定义类。
答案 3 :(得分:0)
我的Admin类中有一些自定义操作。我所做的只是在管理类中“配置”这些。标准的Sonata \ UserBundle \ Security \ EditableRolesBuilder调用Sonata BaseAdmin类的“getSecurityInformation”的公共函数:
foreach ($admin->getSecurityInformation() as $role => $permissions) {
$role = sprintf($baseRole, $role);
if ($isMaster) {
// if the user has the MASTER permission, allow to grant access the admin roles to other users
$roles[$role] = $role;
} elseif ($this->securityContext->isGranted($role)) {
// although the user has no MASTER permission, allow the currently logged in user to view the role
$rolesReadOnly[$role] = $role;
}
}
这就是我挂钩的地方。只是覆盖这个函数自己的Admin类(我在我的BaseAdmin类中完成了这个,它从Sonata \ AdminBundle \ Admin \ Admin扩展)
/**
* List here the customized roles actions which are used within the Admin class you have extended. (e.g. the
* CustomerAdmin uses a special function to login as the customer. In this case set the array to array('LOGIN') and
* use at certain points like ->isGranted('LOGIN'). This is also available in templates like
* admin.isGranted('LOGIN', object)).
* The actions you are listing here, will be appended to the standard actions: EDIT, LIST, CREATE, VIEW, DELETE,
* EXPORT, OPERATOR, MASTER.
*
* @see http://sonata-project.org/bundles/admin/master/doc/index.html
*
* @var array
*/
protected $customizedRoles = array();
/**
* {@inheritdoc}
*/
public function getSecurityInformation()
{
$standardAdminRoles = parent::getSecurityInformation();
$customizedAdminRoles = $this->getCustomizedAdminRoles();
$allAdminRoles = array_merge($standardAdminRoles, $customizedAdminRoles);
ksort($allAdminRoles);
return $allAdminRoles;
}
/**
* Get the customized roles set at property of the Admin class 'customizedRoles' prepared to append to the standard
* roles.
*
* @return array
*/
private function getCustomizedAdminRoles()
{
$customizedRoles = array();
if (is_array($this->customizedRoles) && !empty($this->customizedRoles)) {
foreach ($this->customizedRoles as $customizedRole) {
$customizedRole = strtoupper($customizedRole);
$customizedRoles[$customizedRole] = $customizedRole;
}
}
return $customizedRoles;
}
然后通过覆盖在管理类中填充此数组:
/** @{inheritdoc} */
protected $customizedRoles = array('LOGIN');
就是这样。对我来说,努力和设计似乎相当公平。 : - )
答案 4 :(得分:-2)
我找到了另一种方式,感谢Rpg600:)
我在vendor / bundles / Sonata / UserBundle / Form / Type / SecurityRolesType.php上写了这段代码
public function getDefaultOptions(array $ options) { $ options = parent :: getDefaultOptions($ options);
$roles = array();
//== MY-CODE ============================================================================================================
$Role_to_add= array();
foreach ($this->pool->getContainer()->getParameter('security.role_hierarchy.roles') as $key => $value_roles_group_array)
if('_ALL'== substr($key,-4,4))
foreach ($value_roles_group_array as $key => $new_roles_string)
$roles[$new_roles_string]=$new_roles_string;
//======================================================================================================================
$rolesReadOnly = array();
...
现在在app / config / security.yml
中role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
# PROTEZIONE MODULO TASK
ROLE_ERECTA_TASK_ALL: [ROLE_ERECTA_TASK_USER, ROLE_ERECTA_TASK_ADMIN, ROLE_ERECTA_TASK_SA]
ROLE_ERECTA_TASK_ADMIN: [ROLE_ERECTA_TASK_USER]
ROLE_ERECTA_TASK_SA: [ROLE_ERECTA_TASK_ADMIN, ROLE_ALLOWED_TO_SWITCH]
SONATA:
- ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are using acl then this line must be commented
当我在层次结构角色中添加一个以“_ALL”结尾的ROLE时,我的代码会在sonata管理表单用户中加载显示新角色字符串的所有子元素。
现在,当我执行登录时,我可以看到我的新角色。