SonataAdmin: prevent an admin from deleting their own account

Date: 2016-03-02 03:35:00

Tags: php symfony sonata-admin

I am using SonataAdmin for a Symfony 2 project. Sometimes an admin user may accidentally delete their own account. How can I prevent admin users from deleting their own accounts? Thanks!

2 answers:

Answer 0: (score: 3)

To prevent an admin from deleting their own account, you need to follow the ADVANCED CONFIGURATION and define your own CRUDController for the sonata user:
admin:                  # Admin Classes
    user:
        class:          Sonata\UserBundle\Admin\Entity\UserAdmin
        controller:     YourUserBundle:CRUD
        translation:    SonataUserBundle

Then, in your controller, override the batchActionDelete() and deleteAction() functions. In these functions, check whether the request contains the logged-in admin's object/id and block the deletion there.

public function deleteAction($id)
{
    $id     = $this->get('request')->get($this->admin->getIdParameter());
    $object = $this->admin->getObject($id);

    if (!$object) {
        throw new NotFoundHttpException(sprintf('unable to find the object with id : %s', $id));
    }

    $userid = $this->getUser()->getId(); // id of the logged-in user
    if ($userid == $id) {
        $this->addFlash(
            'sonata_flash_error',
            'Error you cannot delete your own account'
        );

        return $this->redirectTo($object);
    }

    // the remaining work is done by the base class
    return parent::deleteAction($id);
}

The same logic applies to the batchActionDelete() function.

Answer 1: (score: 0)

I am using SonataUserBundle and FOSUserBundle, and I ended up with the following solution.

config.yml:

parameters:
    sonata.user.admin.user.controller: AppBundle:CRUD\CRUD

AppBundle\Controller\CRUD\CRUDController:

<?php

namespace AppBundle\Controller\CRUD;

use Sonata\AdminBundle\Controller\CRUDController as Controller;
use Sonata\AdminBundle\Datagrid\ProxyQueryInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;

class CRUDController extends Controller
{
    public function deleteAction($id)
    {
        $request = $this->getRequest();
        $id      = $request->get($this->admin->getIdParameter());
        $object  = $this->admin->getObject($id);

        if (!$object) {
            throw $this->createNotFoundException(sprintf('unable to find the object with id: %s', $id));
        }

        $currentUserId = $this->getUser()->getId(); // ID of the current user
        if ($currentUserId == $id) {
            $this->addFlash(
                'sonata_flash_error',
                'You cannot delete your own account.'
            );

            return $this->redirectTo($object);
        }

        return parent::deleteAction($id);
    }

    public function batchActionDelete(ProxyQueryInterface $query)
    {
        $request       = $this->getRequest();
        $currentUserId = $this->getUser()->getId(); // ID of the current user
        $selectedUsers = $query->execute();

        foreach ($selectedUsers as $selectedUser) {
            if ($selectedUser->getId() == $currentUserId) {
                $this->addFlash(
                    'sonata_flash_error',
                    'You cannot delete your own account.'
                );

                return new RedirectResponse(
                    $this->admin->generateUrl('list', array('filter' => $this->admin->getFilterParameters()))
                );
            }
        }

        return parent::batchActionDelete($query);
    }
}
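Both answers guard the deletion inside the Sonata CRUD controller, which is where the friendly flash message belongs. As a defence-in-depth backstop, the following added example (not code from the question or either answer) moves the same check into a Doctrine preRemove listener, so it also fires for any other code path that calls EntityManager::remove() on a user entity. The class name, service id and the use of FOSUserBundle's UserInterface for getId() are assumptions.

```php
<?php
// Assumed service registration (services.yml), not part of the original answers:
//
// services:
//     app.listener.prevent_self_removal:
//         class: AppBundle\EventListener\PreventSelfRemovalListener
//         arguments: ['@security.token_storage']
//         tags:
//             - { name: doctrine.event_listener, event: preRemove }

namespace AppBundle\EventListener;

use Doctrine\ORM\Event\LifecycleEventArgs;
use FOS\UserBundle\Model\UserInterface as FosUser;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

class PreventSelfRemovalListener
{
    private $tokenStorage;

    public function __construct(TokenStorageInterface $tokenStorage)
    {
        $this->tokenStorage = $tokenStorage;
    }

    // Doctrine invokes this synchronously from EntityManager::remove(), i.e. before
    // flush, so throwing here does not close the EntityManager.
    public function preRemove(LifecycleEventArgs $args)
    {
        $entity = $args->getEntity();
        if (!$entity instanceof FosUser) {
            return; // only user entities are guarded
        }

        $token   = $this->tokenStorage->getToken();
        $current = $token ? $token->getUser() : null;
        if (!$current instanceof FosUser) {
            return; // no authenticated user (e.g. console command); nothing to protect
        }

        // Compare identifiers, not object identity: the entity being removed may be a
        // different instance of the same row than the one held by the security token.
        if ($entity->getId() === $current->getId()) {
            throw new \LogicException('Refusing to delete the currently authenticated account.');
        }
    }
}
```

The exception surfaces as an error page rather than a flash, so keep the controller override for the user-facing message and treat the listener as the invariant that holds even when the controller is bypassed.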
