Question

I'm using the "role" security handler and want to create a new role "ROLE_SONATA_ADMIN" and grant all permissions to it, like:

ROLE_SONATA_ADMIN: [MASTER]

The only way I could grant my user all permissions was to give it in security.yml:

ROLE_SONATA_ADMIN:
   - ROLE_SUPER_ADMIN

But I don't want to include ROLE_SUPER_ADMIN in my role, as I may want to add some restrictions in the future.

I tried to use ACL:

handler: sonata.admin.security.handler.role

but I am getting:
Argument 2 passed to Sonata\AdminBundle\Security\Handler\AclSecurityHandler::__construct() must be an instance of Symfony\Component\Security\Acl\Model\MutableAclProviderInterface

The role handler is enough for me and I don't need ACL.

How can I create a role and grant permissions to it? I've read the documentation but still don't understand.

Edit: I understand now. For every entity I need to set permissions via roles in security.yml with ROLE_SONATA_ADMIN_[service name]_[permission].
My service name is: sonata.admin.widget
Here is the solution:

    ROLE_SONATA_WIDGET_ADMIN:
      - ROLE_SONATA_ADMIN_WIDGET_LIST
      - ROLE_SONATA_ADMIN_WIDGET_VIEW
      - ROLE_SONATA_ADMIN_WIDGET_CREATE
      - ROLE_SONATA_ADMIN_WIDGET_EDIT
      - ROLE_SONATA_ADMIN_WIDGET_DELETE
      - ROLE_SONATA_ADMIN_WIDGET_EXPORT

    ROLE_SONATA_ADMIN:
      - ROLE_SONATA_WIDGET_ADMIN

Solution

Check point 23.3 in the documentation. You can add roles in the security.yml. If you are using the role handler it works like this.

security:
    ...
    role_hierarchy:
        # for convenience, I decided to gather Sonata roles here
        ROLE_SONATA_FOO_READER:
            - ROLE_SONATA_ADMIN_DEMO_FOO_LIST
            - ROLE_SONATA_ADMIN_DEMO_FOO_VIEW
        ROLE_SONATA_FOO_EDITOR:
            - ROLE_SONATA_ADMIN_DEMO_FOO_CREATE
            - ROLE_SONATA_ADMIN_DEMO_FOO_EDIT
        ROLE_SONATA_FOO_ADMIN:
            - ROLE_SONATA_ADMIN_DEMO_FOO_DELETE
            - ROLE_SONATA_ADMIN_DEMO_FOO_EXPORT
        # those are the roles I will use (less verbose)
        ROLE_STAFF:             [ROLE_USER, ROLE_SONATA_FOO_READER]
        ROLE_ADMIN:             [ROLE_STAFF, ROLE_SONATA_FOO_EDITOR, ROLE_SONATA_FOO_ADMIN]
        ROLE_SUPER_ADMIN:       [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
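
Added example (not part of the original answer or of Sonata's code): a small Python audit that resolves a role_hierarchy transitively and reports which Sonata permission roles a role ends up with, and whether it inherits ROLE_SUPER_ADMIN. It assumes the naming pattern from the question's edit (ROLE_ + the admin service id upper-cased with dots as underscores + _PERMISSION); ROLE_WIDGET_READER and ROLE_LEGACY_ADMIN are hypothetical roles constructed for the example.

```python
# Audit a Symfony role_hierarchy as used with Sonata's role security handler.
# Assumption (taken from the question's edit): a permission role is named
# ROLE_<ADMIN SERVICE ID upper-cased, dots -> underscores>_<PERMISSION>.
PERMISSIONS = ("LIST", "VIEW", "CREATE", "EDIT", "DELETE", "EXPORT")

HIERARCHY = {
    # From the question's working configuration.
    "ROLE_SONATA_WIDGET_ADMIN": ["ROLE_SONATA_ADMIN_WIDGET_" + p for p in PERMISSIONS],
    "ROLE_SONATA_ADMIN": ["ROLE_SONATA_WIDGET_ADMIN"],
    # Constructed for illustration (hypothetical role names).
    "ROLE_WIDGET_READER": ["ROLE_SONATA_ADMIN_WIDGET_LIST", "ROLE_SONATA_ADMIN_WIDGET_VIEW"],
    "ROLE_LEGACY_ADMIN": ["ROLE_SUPER_ADMIN"],
}


def permission_role(service_id, permission):
    """Build the role name the role handler is expected to check."""
    return "ROLE_%s_%s" % (service_id.upper().replace(".", "_"), permission.upper())


def reachable_roles(role, hierarchy):
    """Return every role implied by `role`, following the hierarchy transitively."""
    seen, stack = set(), [role]
    while stack:
        current = stack.pop()
        if current in seen:  # already expanded; also protects against cycles
            continue
        seen.add(current)
        stack.extend(hierarchy.get(current, []))
    return seen


def audit(role, service_id, hierarchy):
    """Report granted and missing permissions for one admin service."""
    roles = reachable_roles(role, hierarchy)
    granted = [p for p in PERMISSIONS if permission_role(service_id, p) in roles]
    return {
        "granted": granted,
        "missing": [p for p in PERMISSIONS if p not in granted],
        # Inheriting ROLE_SUPER_ADMIN defeats any later per-permission restriction.
        "inherits_super_admin": "ROLE_SUPER_ADMIN" in roles,
    }


if __name__ == "__main__":
    for name in ("ROLE_SONATA_ADMIN", "ROLE_WIDGET_READER", "ROLE_LEGACY_ADMIN"):
        print(name, audit(name, "sonata.admin.widget", HIERARCHY))
```
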
License: CC-BY-SA with attribution
Not affiliated with StackOverflow