Sonata Admin 一般角色
Sonata Admin general roles
我想在我的 Sonata 管理仪表板上使用角色处理程序安全性。我使用 Symfony 2.3。
在文档中,我有:
Each permission is relative to an admin: if you try to get a list in
FooAdmin (declared as sonata.admin.demo.foo service), Sonata will
check if the user has the ROLE_SONATA_ADMIN_DEMO_FOO_EDIT role.
据我了解,如果我有以下服务:
sonata.admin.articlesonata.admin.usersonata.admin.tag
然后我需要创建一个编辑角色,作为这 3 个元素的列表:
ROLE_SONATA_ADMIN_ARTICLE_EDIT 和 ROLE_SONATA_ADMIN_USER_EDIT 和 ROLE_SONATA_ADMIN_TAG_EDIT
但我更愿意创建访问权限更多的将军,例如,在我的例子中,只需执行:ROLE_SONATA_ADMIN_EDIT 而不是三人列表。
有没有简单的方法可以用这个包来做到这一点?
您可以通过覆盖 Sonata\AdminBundle\Security\Handler\RoleSecurityHandler class 和 getBaseRole 方法轻松地做到这一点:
# AppBundle/Security/Handler/MyRoleSecurityHandler.php
namespace AppBundle\Security\Handler;
use Sonata\AdminBundle\Admin\AdminInterface;
use Sonata\AdminBundle\Security\Handler\RoleSecurityHandler;
class MyRoleSecurityHandler extends RoleSecurityHandler
{
/**
* {@inheritDoc}
*/
public function getBaseRole(AdminInterface $admin)
{
return 'ROLE_SONATA_ADMIN_%s';
}
}
覆盖与此相关的奏鸣曲服务class:
# AppBundle/Resources/config/services.yml
services:
#...
sonata.admin.security.handler.role:
class: AppBundle\Security\Handler\MyRoleSecurityHandler
public: false
arguments: [@security.context, [ROLE_SUPER_ADMIN]]
记住在您的层次结构中声明这些角色:
# app/config/security.yml
security:
role_hierarchy:
# ...
ROLE_SONATA_ADMIN_LIST: ~
ROLE_SONATA_ADMIN_SHOW: ~
ROLE_SONATA_ADMIN_EDIT: ~
ROLE_SONATA_ADMIN_DELETE: ~
# etc.
将这些角色分配给用户后,最后您可以检查:
# inside of any admin class
protected function configureListFields(ListMapper $listMapper)
{
if ($this->isGranted('EDIT')) {
# ...
}
}
Warning! The previous sonata roles (ROLE_SONATA_ADMIN_ARTICLE_EDIT, ROLE_SONATA_ADMIN_USER_EDIT, etc.) it will no work. So you could also override the class and the corresponding service of sonata-project/user-bundle/Security/EditableRolesBuilder.php to return only the hierarchy of roles.
我想在我的 Sonata 管理仪表板上使用角色处理程序安全性。我使用 Symfony 2.3。
在文档中,我有:
Each permission is relative to an admin: if you try to get a list in FooAdmin (declared as sonata.admin.demo.foo service), Sonata will check if the user has the
ROLE_SONATA_ADMIN_DEMO_FOO_EDITrole.
据我了解,如果我有以下服务:
sonata.admin.articlesonata.admin.usersonata.admin.tag
然后我需要创建一个编辑角色,作为这 3 个元素的列表:
ROLE_SONATA_ADMIN_ARTICLE_EDIT 和 ROLE_SONATA_ADMIN_USER_EDIT 和 ROLE_SONATA_ADMIN_TAG_EDIT
但我更愿意创建访问权限更多的将军,例如,在我的例子中,只需执行:ROLE_SONATA_ADMIN_EDIT 而不是三人列表。
有没有简单的方法可以用这个包来做到这一点?
您可以通过覆盖 Sonata\AdminBundle\Security\Handler\RoleSecurityHandler class 和 getBaseRole 方法轻松地做到这一点:
# AppBundle/Security/Handler/MyRoleSecurityHandler.php
namespace AppBundle\Security\Handler;
use Sonata\AdminBundle\Admin\AdminInterface;
use Sonata\AdminBundle\Security\Handler\RoleSecurityHandler;
class MyRoleSecurityHandler extends RoleSecurityHandler
{
/**
* {@inheritDoc}
*/
public function getBaseRole(AdminInterface $admin)
{
return 'ROLE_SONATA_ADMIN_%s';
}
}
覆盖与此相关的奏鸣曲服务class:
# AppBundle/Resources/config/services.yml
services:
#...
sonata.admin.security.handler.role:
class: AppBundle\Security\Handler\MyRoleSecurityHandler
public: false
arguments: [@security.context, [ROLE_SUPER_ADMIN]]
记住在您的层次结构中声明这些角色:
# app/config/security.yml
security:
role_hierarchy:
# ...
ROLE_SONATA_ADMIN_LIST: ~
ROLE_SONATA_ADMIN_SHOW: ~
ROLE_SONATA_ADMIN_EDIT: ~
ROLE_SONATA_ADMIN_DELETE: ~
# etc.
将这些角色分配给用户后,最后您可以检查:
# inside of any admin class
protected function configureListFields(ListMapper $listMapper)
{
if ($this->isGranted('EDIT')) {
# ...
}
}
Warning! The previous sonata roles (ROLE_SONATA_ADMIN_ARTICLE_EDIT, ROLE_SONATA_ADMIN_USER_EDIT, etc.) it will no work. So you could also override the class and the corresponding service of
sonata-project/user-bundle/Security/EditableRolesBuilder.phpto return only the hierarchy of roles.