Jea*_*ean 13 roles symfony symfony-2.1 sonata-admin
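I'm starting to use SonataAdminBundle in my Symfony 2.1 application. I have developed all the Admin classes, and now I want to add roles to prevent view, list and edit actions for certain groups of users (for example, non-admin users).
Please note that I don't use SonataUserBundle (derived from FOSUserBundle), and I want to use the sonata.admin.security.handler.role security handler provided by Sonata: ACL is too powerful for my small project (and adds a lot of overhead).
My own UserBundle provides a User class and a Group class (the latter is used to assign roles to each user). The role hierarchy is defined in my security.yml file, for example: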
security:
    role_hierarchy:
        ROLE_POST_AUTHOR: ROLE_USER
        ROLE_ADMIN: [ ROLE_USER, ROLE_POST_AUTHOR]
        ROLE_SUPER_ADMIN: [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
Now I configure the config.yml file by specifying the security handler:
sonata_admin:
    security:
        handler: sonata.admin.security.handler.role
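The official documentation focuses more on how to use ACL and SonataUserBundle, so I don't know how to link my roles from security.yml with SonataAdminBundle.
PS: A similar question is: SonataAdminBundle security roles.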
vba*_*osh 17
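Try creating roles of the form ROLE_<service.name>_<RIGHT>, where
<service.name> is the UPPER-CASE-ed and DOT-REPLACED-BY-UNDERSCORE version of your Sonata admin service name, and <RIGHT> is one of (reference):
CREATE, DELETE, EDIT, LIST, VIEW, EXPORT, OPERATOR, MASTER
Here is a snippet of my security.yml: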
role_hierarchy:
    ROLE_MANAGER:
        - ROLE_USER
        - ROLE_SONATA_STUFF # have no effect on the UI
        - ROLE_SONATA_ADMIN # with this role you have a nice navbar with search box
        # user
        - ROLE_SONATA_ADMIN_USER_LIST
        - ROLE_SONATA_ADMIN_USER_VIEW
        # product
        - ROLE_SONATA_ADMIN_PRODUCT_LIST
        - ROLE_SONATA_ADMIN_PRODUCT_VIEW
        - ROLE_SONATA_ADMIN_PRODUCT_EDIT
        # product category
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_LIST
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_VIEW
    ROLE_ADMIN:
        - ROLE_SONATA_ADMIN # with this role you have a nice navbar with search box
        # user
        - ROLE_SONATA_ADMIN_USER_CREATE
        - ROLE_SONATA_ADMIN_USER_DELETE
        - ROLE_SONATA_ADMIN_USER_EDIT
        - ROLE_SONATA_ADMIN_USER_LIST
        - ROLE_SONATA_ADMIN_USER_VIEW
        - ROLE_SONATA_ADMIN_USER_EXPORT
        - ROLE_SONATA_ADMIN_USER_OPERATOR
        - ROLE_SONATA_ADMIN_USER_MASTER
        # product
        - ROLE_SONATA_ADMIN_PRODUCT_CREATE
        - ROLE_SONATA_ADMIN_PRODUCT_DELETE
        - ROLE_SONATA_ADMIN_PRODUCT_EDIT
        - ROLE_SONATA_ADMIN_PRODUCT_LIST
        - ROLE_SONATA_ADMIN_PRODUCT_VIEW
        - ROLE_SONATA_ADMIN_PRODUCT_EXPORT
        - ROLE_SONATA_ADMIN_PRODUCT_OPERATOR
        - ROLE_SONATA_ADMIN_PRODUCT_MASTER
        # product category
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_CREATE
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_DELETE
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_EDIT
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_LIST
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_VIEW
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_EXPORT
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_OPERATOR
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_MASTER
        # purchase
        - ROLE_SONATA_ADMIN_PURCHASE_CREATE
        - ROLE_SONATA_ADMIN_PURCHASE_DELETE
        - ROLE_SONATA_ADMIN_PURCHASE_EDIT
        - ROLE_SONATA_ADMIN_PURCHASE_LIST
        - ROLE_SONATA_ADMIN_PURCHASE_VIEW
        - ROLE_SONATA_ADMIN_PURCHASE_EXPORT
        - ROLE_SONATA_ADMIN_PURCHASE_OPERATOR
        - ROLE_SONATA_ADMIN_PURCHASE_MASTER
        # payment
        - ROLE_SONATA_ADMIN_PAYMENT_CREATE
        - ROLE_SONATA_ADMIN_PAYMENT_DELETE
        - ROLE_SONATA_ADMIN_PAYMENT_EDIT
        - ROLE_SONATA_ADMIN_PAYMENT_LIST
        - ROLE_SONATA_ADMIN_PAYMENT_VIEW
        - ROLE_SONATA_ADMIN_PAYMENT_EXPORT
        - ROLE_SONATA_ADMIN_PAYMENT_OPERATOR
        - ROLE_SONATA_ADMIN_PAYMENT_MASTER
        # notification: email template
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_CREATE
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_DELETE
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_EDIT
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_LIST
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_VIEW
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_EXPORT
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_OPERATOR
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_MASTER
    ROLE_SUPER_ADMIN:
        - ROLE_ADMIN
        - ROLE_ALLOWED_TO_SWITCH
access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_SONATA_ADMIN }
Here is a snippet of my @AdminBundle/Resources/config/service.yml (only the service names are relevant here):
sonata.admin.user:
    class: Acme\AdminBundle\Admin\UserAdmin
    tags:
        - { name: sonata.admin, manager_type: orm, group: "User", label: "User" }
    arguments:
        - ~
        - Acme\UserBundle\Entity\User
        - ~
    calls:
        - [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.product:
    class: Acme\AdminBundle\Admin\ProductAdmin
    tags:
        - { name: sonata.admin, manager_type: orm, group: "Store", label: "Product" }
    arguments:
        - ~
        - Acme\StoreBundle\Entity\Product
        - ~
    calls:
        - [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.product_category:
    class: Acme\AdminBundle\Admin\ProductCategoryAdmin
    tags:
        - { name: sonata.admin, manager_type: orm, group: "Store", label: "Category" }
    arguments:
        - ~
        - Acme\StoreBundle\Entity\ProductCategory
        - ~
    calls:
        - [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.purchase:
    class: Acme\AdminBundle\Admin\PurchaseAdmin
    tags:
        - { name: sonata.admin, manager_type: orm, group: "Store", label: "Purchase" }
    arguments:
        - ~
        - Acme\StoreBundle\Entity\Purchase
        - ~
    calls:
        - [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.payment:
    class: Acme\AdminBundle\Admin\PaymentAdmin
    tags:
        - { name: sonata.admin, manager_type: orm, group: "Payment", label: "Payment" }
    arguments:
        - ~
        - Acme\PaymentBundle\Entity\Payment
        - ~
    calls:
        - [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.notification.email_template:
    class: Acme\AdminBundle\Admin\Notification\EmailTemplateAdmin
    tags:
        - { name: sonata.admin, manager_type: orm, group: "Notification", label: "Email Template" }
    arguments:
        - ~
        - Acme\NotificationBundle\Entity\EmailTemplate
        - ~
    calls:
        - [ setTranslationDomain, [AcmeAdminBundle]]
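The ROLE_<service.name>_<RIGHT> rule from the answer above can be checked mechanically, because a misspelled role in role_hierarchy grants nothing and raises no error. The following is an added example, not part of the original answer or of SonataAdminBundle: the function names, the ROLE_REVIEWER entry with its misspelled role, and the KNOWN set are assumptions made for illustration.

```python
# Added example: audit role_hierarchy entries against the
# ROLE_<SERVICE_NAME>_<RIGHT> convention described in the answer.
RIGHTS = ("CREATE", "DELETE", "EDIT", "LIST", "VIEW", "EXPORT", "OPERATOR", "MASTER")

def role_for(service_id, right):
    # Upper-case the admin service id and replace dots with underscores.
    return "ROLE_%s_%s" % (service_id.upper().replace(".", "_"), right)

def expand(role, hierarchy, seen=None):
    """Every role reachable from `role` through the hierarchy (cycle-safe)."""
    seen = set() if seen is None else seen
    if role not in seen:
        seen.add(role)
        for child in hierarchy.get(role, ()):
            expand(child, hierarchy, seen)
    return seen

def audit(role, hierarchy, service_ids, known=()):
    """Return (grants, unmatched) for `role`.

    grants: admin service id -> rights the role ends up with.
    unmatched: leaf roles that match no admin service under the convention
    and are not listed in `known`; likely typos or dead entries.
    """
    lookup = {role_for(s, r): (s, r) for s in service_ids for r in RIGHTS}
    grants, unmatched = {}, []
    for name in sorted(expand(role, hierarchy)):
        if name in lookup:
            service, right = lookup[name]
            grants.setdefault(service, []).append(right)
        elif name not in hierarchy and name not in known:
            unmatched.append(name)
    return grants, unmatched

# Service ids and the ROLE_MANAGER entries come from the snippets above;
# ROLE_REVIEWER and its misspelled "_EDTI" role are constructed sample data.
SERVICES = ["sonata.admin.user", "sonata.admin.product", "sonata.admin.product_category"]
KNOWN = {"ROLE_USER", "ROLE_SONATA_ADMIN"}  # assumption: roles used outside the admin handler
HIERARCHY = {
    "ROLE_MANAGER": [
        "ROLE_USER", "ROLE_SONATA_STUFF", "ROLE_SONATA_ADMIN",
        "ROLE_SONATA_ADMIN_USER_LIST", "ROLE_SONATA_ADMIN_USER_VIEW",
        "ROLE_SONATA_ADMIN_PRODUCT_LIST", "ROLE_SONATA_ADMIN_PRODUCT_VIEW",
        "ROLE_SONATA_ADMIN_PRODUCT_EDIT",
        "ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_LIST", "ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_VIEW",
    ],
    "ROLE_REVIEWER": ["ROLE_MANAGER", "ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_EDTI"],
}

if __name__ == "__main__":
    print(audit("ROLE_REVIEWER", HIERARCHY, SERVICES, KNOWN))
```

Running the audit for each top-level role before deployment shows the rights each role actually inherits per admin service, and lists entries such as ROLE_SONATA_STUFF that correspond to no admin.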