logo标签列表

如何在SonataAdminBundle中使用角色

symfonyrolessymfony-2.1sonata-admin
13
我开始在Symfony2.1应用程序中使用SonataAdminBundle。 我开发了所有的Admin类,现在我希望添加角色以防止这些用户组(例如非管理员用户)执行查看列表编辑操作。

请注意,我没有使用SonataUserBundle(源自FOSUserBundle),我想使用由Sonata提供的sonata.admin.security.handler.role安全处理程序:ACL对于我的小型项目来说过于强大(并提供了大量的开销)。
我的自己的UserBundle提供了User类和Group类(后者用于指定每个用户的角色)。 角色层次结构在我的security.yml文件中提供,例如:
security:
    role_hierarchy:
        ROLE_POST_AUTHOR:            ROLE_USER
        ROLE_ADMIN:                  [ ROLE_USER, ROLE_POST_AUTHOR]
        ROLE_SUPER_ADMIN:            [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]

现在,我通过指定安全处理程序来配置config.yml文件。

sonata_admin:
    security:
        handler: sonata.admin.security.handler.role

官方文档更注重如何使用ACL和SonataUserBundle,所以我不知道如何将我的security.yml中的角色与SonataAdminBundle链接起来。

PS:类似的问题是:SonataAdminBundle安全角色

1个回答
19

尝试使用ROLE_<service.name>_<RIGHT>创建角色,其中

  • <service.name>是您的Sonata管理服务名称的大写且用下划线替换点号的版本
  • <RIGHT>是以下之一 (参考文献):
    • CREATE
    • DELETE
    • EDIT
    • LIST
    • VIEW
    • EXPORT
    • OPERATOR
    • MASTER

示例

以下是我的security.yml的一部分片段:

role_hierarchy:

    ROLE_MANAGER:
        - ROLE_USER
        - ROLE_SONATA_STUFF # have no effect on the UI
        - ROLE_SONATA_ADMIN # with this role you have a nice navbar with search box
        # user
        - ROLE_SONATA_ADMIN_USER_LIST
        - ROLE_SONATA_ADMIN_USER_VIEW
        # product
        - ROLE_SONATA_ADMIN_PRODUCT_LIST
        - ROLE_SONATA_ADMIN_PRODUCT_VIEW
        - ROLE_SONATA_ADMIN_PRODUCT_EDIT
        # product category
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_LIST
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_VIEW

    ROLE_ADMIN:
        - ROLE_SONATA_ADMIN # with this role you have a nice navbar with search box
        # user
        - ROLE_SONATA_ADMIN_USER_CREATE
        - ROLE_SONATA_ADMIN_USER_DELETE
        - ROLE_SONATA_ADMIN_USER_EDIT
        - ROLE_SONATA_ADMIN_USER_LIST
        - ROLE_SONATA_ADMIN_USER_VIEW
        - ROLE_SONATA_ADMIN_USER_EXPORT
        - ROLE_SONATA_ADMIN_USER_OPERATOR
        - ROLE_SONATA_ADMIN_USER_MASTER
        # product
        - ROLE_SONATA_ADMIN_PRODUCT_CREATE
        - ROLE_SONATA_ADMIN_PRODUCT_DELETE
        - ROLE_SONATA_ADMIN_PRODUCT_EDIT
        - ROLE_SONATA_ADMIN_PRODUCT_LIST
        - ROLE_SONATA_ADMIN_PRODUCT_VIEW
        - ROLE_SONATA_ADMIN_PRODUCT_EXPORT
        - ROLE_SONATA_ADMIN_PRODUCT_OPERATOR
        - ROLE_SONATA_ADMIN_PRODUCT_MASTER
        # product category
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_CREATE
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_DELETE
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_EDIT
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_LIST
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_VIEW
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_EXPORT
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_OPERATOR
        - ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_MASTER
        # purchase
        - ROLE_SONATA_ADMIN_PURCHASE_CREATE
        - ROLE_SONATA_ADMIN_PURCHASE_DELETE
        - ROLE_SONATA_ADMIN_PURCHASE_EDIT
        - ROLE_SONATA_ADMIN_PURCHASE_LIST
        - ROLE_SONATA_ADMIN_PURCHASE_VIEW
        - ROLE_SONATA_ADMIN_PURCHASE_EXPORT
        - ROLE_SONATA_ADMIN_PURCHASE_OPERATOR
        - ROLE_SONATA_ADMIN_PURCHASE_MASTER
        # payment
        - ROLE_SONATA_ADMIN_PAYMENT_CREATE
        - ROLE_SONATA_ADMIN_PAYMENT_DELETE
        - ROLE_SONATA_ADMIN_PAYMENT_EDIT
        - ROLE_SONATA_ADMIN_PAYMENT_LIST
        - ROLE_SONATA_ADMIN_PAYMENT_VIEW
        - ROLE_SONATA_ADMIN_PAYMENT_EXPORT
        - ROLE_SONATA_ADMIN_PAYMENT_OPERATOR
        - ROLE_SONATA_ADMIN_PAYMENT_MASTER
        # notification: email template
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_CREATE
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_DELETE
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_EDIT
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_LIST
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_VIEW
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_EXPORT
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_OPERATOR
        - ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_MASTER

    ROLE_SUPER_ADMIN:
        - ROLE_ADMIN
        - ROLE_ALLOWED_TO_SWITCH

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_SONATA_ADMIN }

以下是来自我的 @AdminBundle/Resources/config/service.yml 的一段代码(仅服务名称相关):

sonata.admin.user:
    class: Acme\AdminBundle\Admin\UserAdmin
    tags:
        - { name: sonata.admin, manager_type: orm, group: "User", label: "User" }
    arguments:
        - ~
        - Acme\UserBundle\Entity\User
        - ~
    calls:
        - [ setTranslationDomain, [AcmeAdminBundle]]

sonata.admin.product:
    class: Acme\AdminBundle\Admin\ProductAdmin
    tags:
        - { name: sonata.admin, manager_type: orm, group: "Store", label: "Product" }
    arguments:
        - ~
        - Acme\StoreBundle\Entity\Product
        - ~
    calls:
        - [ setTranslationDomain, [AcmeAdminBundle]]

sonata.admin.product_category:
    class: Acme\AdminBundle\Admin\ProductCategoryAdmin
    tags:
        - { name: sonata.admin, manager_type: orm, group: "Store", label: "Category" }
    arguments:
        - ~
        - Acme\StoreBundle\Entity\ProductCategory
        - ~
    calls:
        - [ setTranslationDomain, [AcmeAdminBundle]]

sonata.admin.purchase:
    class: Acme\AdminBundle\Admin\PurchaseAdmin
    tags:
        - { name: sonata.admin, manager_type: orm, group: "Store", label: "Purchase" }
    arguments:
        - ~
        - Acme\StoreBundle\Entity\Purchase
        - ~
    calls:
        - [ setTranslationDomain, [AcmeAdminBundle]]

sonata.admin.payment:
    class: Acme\AdminBundle\Admin\PaymentAdmin
    tags:
        - { name: sonata.admin, manager_type: orm, group: "Payment", label: "Payment" }
    arguments:
        - ~
        - Acme\PaymentBundle\Entity\Payment
        - ~
    calls:
        - [ setTranslationDomain, [AcmeAdminBundle]]

sonata.admin.notification.email_template:
    class: Acme\AdminBundle\Admin\Notification\EmailTemplateAdmin
    tags:
        - { name: sonata.admin, manager_type: orm, group: "Notification", label: "Email Template" }
    arguments:
        - ~
        - Acme\NotificationBundle\Entity\EmailTemplate
        - ~
    calls:
        - [ setTranslationDomain, [AcmeAdminBundle]]

参考资料

  1. 在Sonata Admin中使用基于角色的安全性
2
还是不明白如何定义用户及其角色,即使我已经描述了所有可能性。有什么想法吗? :) - Andrey Popov
我有一个实体,其中包含用户角色,并且我在额外的sonata_roles.yml文件中定义它们。 - Matheno
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接