Sonata Admin Bundle ACL does not grant edit permission

Time: 2017-11-05 11:08:06

Tags: symfony acl sonata-admin sonata sonata-user-bundle

I have integrated Sonata Admin Bundle with ACL and have the following configuration:

config.yml

sonata_admin:
    security:
        handler: sonata.admin.security.handler.acl

        # acl security information
        information:
            GUEST:    [VIEW, LIST]
            MAINTAINER:    [EDIT, LIST]
            STAFF:    [EDIT, LIST, CREATE]
            EDITOR:   [OPERATOR, EXPORT]
            ADMIN:    [MASTER]

        # permissions not related to an object instance and also to be available when objects do not exist
        # the DELETE admin permission means the user is allowed to batch delete objects
        admin_permissions: [CREATE, LIST, DELETE, UNDELETE, EXPORT, OPERATOR, MASTER]

        # permission related to the objects
        object_permissions: [VIEW, EDIT, DELETE, UNDELETE, OPERATOR, MASTER, OWNER]

security.yml

security:
    role_hierarchy:
        ROLE_OPERATOR:
            - ROLE_ADMIN_BOOKING_ADMIN
            - ROLE_ADMIN_PAYMENT_ADMIN

The flow is that we create the Booking object through the BookingAdmin class, and create the Payment object in a postPersist Doctrine event listener.

$payment = new Payment();
//... set here
$this->entityManager->persist($payment);
$this->entityManager->flush();

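The problem is that in the list I cannot see the edit button, but I can delete.

When I run this command manually:

php bin/console sonata:admin:generate-object-acl

after that I can see the edit button.

What am I doing wrong here? Because I am logged in with the same user.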

Edit

After a little research, I found the following issue: https://sonata-project.org/bundles/admin/2-3/doc/reference/security.html#acl-and-friendsofsymfony-userbundle

A listener must be implemented that creates the object Access Control List with the required rules if objects are created outside the Admin

What does this mean, and how should I get the correct ACL roles in the listener?
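
What the documentation sentence quoted in the question describes, as an added example that is not part of the original post or of Sonata's own code: a Doctrine postPersist listener that writes the object ACL for a Payment created outside the admin, using the Symfony ACL component. The listener class name, the AppBundle\Entity\Payment namespace and the choice to grant the logged-in user OWNER are assumptions.

```php
<?php
// Added example. Class name, Payment namespace and the OWNER grant are assumptions.
use AppBundle\Entity\Payment; // assumed entity namespace; must expose getId()
use Doctrine\ORM\Event\LifecycleEventArgs;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException;
use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;
use Symfony\Component\Security\Acl\Permission\MaskBuilder;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\User\UserInterface;

class PaymentAclListener
{
    private $aclProvider;
    private $tokenStorage;

    public function __construct(MutableAclProviderInterface $aclProvider, TokenStorageInterface $tokenStorage)
    {
        $this->aclProvider = $aclProvider;
        $this->tokenStorage = $tokenStorage;
    }

    public function postPersist(LifecycleEventArgs $args)
    {
        $entity = $args->getObject();
        if (!$entity instanceof Payment) {
            return; // only objects created outside the admin need this
        }

        $token = $this->tokenStorage->getToken();
        $user = $token ? $token->getUser() : null;
        if (!$user instanceof UserInterface) {
            return; // no authenticated user (console, anonymous): grant nothing
        }

        try {
            // The identifier is available here because postPersist runs after the INSERT.
            $acl = $this->aclProvider->createAcl(ObjectIdentity::fromDomainObject($entity));
        } catch (AclAlreadyExistsException $e) {
            return; // an ACL was already written for this object; leave it unchanged
        }

        // Object-scope ACE: the creating user becomes OWNER, which the permission map treats as covering EDIT.
        $acl->insertObjectAce(UserSecurityIdentity::fromAccount($user), MaskBuilder::MASK_OWNER);
        $this->aclProvider->updateAcl($acl);
    }
}
```

The listener is registered as a service tagged doctrine.event_listener with event postPersist. Objects persisted before it was in place still have no ACL, which is the gap the sonata:admin:generate-object-acl command from the question fills.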

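1 answer:

Answer 0: (score: 0)

I think you have not specified the actions you allow in enough detail... you only point to the admin, e.g. "ROLE_ADMIN_BOOKING_ADMIN"... following the documentation, the configuration should be "ROLE_ADMIN_BOOKING_ADMIN_EDIT", for example, to allow this role to edit your admin... write "ROLE_ADMIN_BOOKING_ADMIN_ALL" to allow editing everything...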