如何在 SonataAdminBundle 中使用角色
Posted
技术标签:
【中文标题】如何在 SonataAdminBundle 中使用角色【英文标题】:How to use roles in SonataAdminBundle 【发布时间】:2012-12-18 17:39:43 【问题描述】:我开始在 Symfony2.1 应用程序中使用SonataAdminBundle。我开发了所有Admin 类,现在我希望添加角色以防止对此类用户组执行view、list 和edit 操作(例如非管理员用户)。
请注意,我不使用 SonataUserBundle(派生自 FOSUserBundle)并且我想使用 Sonata 提供的 sonata.admin.security.handler.role 安全处理程序:ACL 也是对我的小项目来说功能强大(并提供大量开销)。
我自己的UserBundle提供了User类和Group类(最后用来指定每个用户的角色)。我的 security.yml 文件中提供了角色层次结构,例如:
security:
role_hierarchy:
ROLE_POST_AUTHOR: ROLE_USER
ROLE_ADMIN: [ ROLE_USER, ROLE_POST_AUTHOR]
ROLE_SUPER_ADMIN: [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
现在,我通过指定安全处理程序配置了 config.yml 文件
sonata_admin:
security:
handler: sonata.admin.security.handler.role
official docs 更侧重于如何使用 ACL 和 SonataUserBundle,所以我不知道如何将我的角色从 security.yml 与 SonataAdminBundle 联系起来。
PS:类似的问题是:SonataAdminBundle Security roles。
【问题讨论】:
【参考方案1】:尝试使用ROLE_<service.name>_<RIGHT> where 创建角色
<service.name> 是您的奏鸣曲管理服务名称的大写和 DOT-REPLACED-BY-UNDERSCORE 版本
<RIGHT> 是 (reference) 之一:
CREATE
DELETE
EDIT
LIST
VIEW
EXPORT
OPERATOR
MASTER
示例
以下是我的 security.yml 中的一个 sn-p:
role_hierarchy:
ROLE_MANAGER:
- ROLE_USER
- ROLE_SONATA_STUFF # have no effect on the UI
- ROLE_SONATA_ADMIN # with this role you have a nice navbar with search box
# user
- ROLE_SONATA_ADMIN_USER_LIST
- ROLE_SONATA_ADMIN_USER_VIEW
# product
- ROLE_SONATA_ADMIN_PRODUCT_LIST
- ROLE_SONATA_ADMIN_PRODUCT_VIEW
- ROLE_SONATA_ADMIN_PRODUCT_EDIT
# product category
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_LIST
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_VIEW
ROLE_ADMIN:
- ROLE_SONATA_ADMIN # with this role you have a nice navbar with search box
# user
- ROLE_SONATA_ADMIN_USER_CREATE
- ROLE_SONATA_ADMIN_USER_DELETE
- ROLE_SONATA_ADMIN_USER_EDIT
- ROLE_SONATA_ADMIN_USER_LIST
- ROLE_SONATA_ADMIN_USER_VIEW
- ROLE_SONATA_ADMIN_USER_EXPORT
- ROLE_SONATA_ADMIN_USER_OPERATOR
- ROLE_SONATA_ADMIN_USER_MASTER
# product
- ROLE_SONATA_ADMIN_PRODUCT_CREATE
- ROLE_SONATA_ADMIN_PRODUCT_DELETE
- ROLE_SONATA_ADMIN_PRODUCT_EDIT
- ROLE_SONATA_ADMIN_PRODUCT_LIST
- ROLE_SONATA_ADMIN_PRODUCT_VIEW
- ROLE_SONATA_ADMIN_PRODUCT_EXPORT
- ROLE_SONATA_ADMIN_PRODUCT_OPERATOR
- ROLE_SONATA_ADMIN_PRODUCT_MASTER
# product category
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_CREATE
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_DELETE
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_EDIT
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_LIST
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_VIEW
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_EXPORT
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_OPERATOR
- ROLE_SONATA_ADMIN_PRODUCT_CATEGORY_MASTER
# purchase
- ROLE_SONATA_ADMIN_PURCHASE_CREATE
- ROLE_SONATA_ADMIN_PURCHASE_DELETE
- ROLE_SONATA_ADMIN_PURCHASE_EDIT
- ROLE_SONATA_ADMIN_PURCHASE_LIST
- ROLE_SONATA_ADMIN_PURCHASE_VIEW
- ROLE_SONATA_ADMIN_PURCHASE_EXPORT
- ROLE_SONATA_ADMIN_PURCHASE_OPERATOR
- ROLE_SONATA_ADMIN_PURCHASE_MASTER
# payment
- ROLE_SONATA_ADMIN_PAYMENT_CREATE
- ROLE_SONATA_ADMIN_PAYMENT_DELETE
- ROLE_SONATA_ADMIN_PAYMENT_EDIT
- ROLE_SONATA_ADMIN_PAYMENT_LIST
- ROLE_SONATA_ADMIN_PAYMENT_VIEW
- ROLE_SONATA_ADMIN_PAYMENT_EXPORT
- ROLE_SONATA_ADMIN_PAYMENT_OPERATOR
- ROLE_SONATA_ADMIN_PAYMENT_MASTER
# notification: email template
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_CREATE
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_DELETE
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_EDIT
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_LIST
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_VIEW
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_EXPORT
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_OPERATOR
- ROLE_SONATA_ADMIN_NOTIFICATION_EMAIL_TEMPLATE_MASTER
ROLE_SUPER_ADMIN:
- ROLE_ADMIN
- ROLE_ALLOWED_TO_SWITCH
access_control:
- path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY
- path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY
- path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY
- path: ^/admin/, role: ROLE_SONATA_ADMIN
以下是来自我的 @AdminBundle/Resources/config/service.yml 的 sn-p(此处仅与服务名称相关):
sonata.admin.user:
class: Acme\AdminBundle\Admin\UserAdmin
tags:
- name: sonata.admin, manager_type: orm, group: "User", label: "User"
arguments:
- ~
- Acme\UserBundle\Entity\User
- ~
calls:
- [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.product:
class: Acme\AdminBundle\Admin\ProductAdmin
tags:
- name: sonata.admin, manager_type: orm, group: "Store", label: "Product"
arguments:
- ~
- Acme\StoreBundle\Entity\Product
- ~
calls:
- [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.product_category:
class: Acme\AdminBundle\Admin\ProductCategoryAdmin
tags:
- name: sonata.admin, manager_type: orm, group: "Store", label: "Category"
arguments:
- ~
- Acme\StoreBundle\Entity\ProductCategory
- ~
calls:
- [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.purchase:
class: Acme\AdminBundle\Admin\PurchaseAdmin
tags:
- name: sonata.admin, manager_type: orm, group: "Store", label: "Purchase"
arguments:
- ~
- Acme\StoreBundle\Entity\Purchase
- ~
calls:
- [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.payment:
class: Acme\AdminBundle\Admin\PaymentAdmin
tags:
- name: sonata.admin, manager_type: orm, group: "Payment", label: "Payment"
arguments:
- ~
- Acme\PaymentBundle\Entity\Payment
- ~
calls:
- [ setTranslationDomain, [AcmeAdminBundle]]
sonata.admin.notification.email_template:
class: Acme\AdminBundle\Admin\Notification\EmailTemplateAdmin
tags:
- name: sonata.admin, manager_type: orm, group: "Notification", label: "Email Template"
arguments:
- ~
- Acme\NotificationBundle\Entity\EmailTemplate
- ~
calls:
- [ setTranslationDomain, [AcmeAdminBundle]]
参考
-
Role Based Security in Sonata Admin
【讨论】:
在我描述了所有可能性之后,仍然无法理解如何定义用户和他的角色。有什么想法吗? :) 我有一个具有用户角色的实体,我在额外的 sonata_roles.yml 中定义它们以上是关于如何在 SonataAdminBundle 中使用角色的主要内容,如果未能解决你的问题,请参考以下文章
如何在 SonataAdminBundle 的上传字段上方显示当前图片?
使用 SonataAdminBundle。在两步相关实体上配置过滤器
如何仅在子管理员(SonataAdminBundle)中删除路由?