ACL + SonataAdminBundle + SonataUserBundle [英] ACL + SonataAdminBundle + SonataUserBundle

问题描述

在我的Symfony2项目中，我设法按照官方文档设置了FOSUserBundle + SonataUserBundle + SonataAdminBundle。现在是时候设置ACL（访问控制列表）了。

In my Symfony2 project I managed to setup FOSUserBundle + SonataUserBundle + SonataAdminBundle following official docs. Now comes the time to setup the ACL (Access control list).

我做了什么：

• 创建了一个名为AdminReport <的AdminClass

• Created an AdminClass called AdminReport

应用程序/控制台sonata：admin：setup-acl

app/console sonata:admin:setup-acl

install ACL for sonata.admin.report
update role: ROLE_SONATA_ADMIN_REPORT_GUEST, permissions: ["LIST"]
update role: ROLE_SONATA_ADMIN_REPORT_STAFF, permissions: ["LIST","CREATE"]
update role: ROLE_SONATA_ADMIN_REPORT_EDITOR, permissions: ["OPERATOR","EXPORT"]

• 创建了一个新用户，并授予他ROLE_SONATA_ADMIN_REPORT_STAFF


• app /控制台sonata：admin：generate-object-acl


• 以该用户身份登录并访问默认的/ admin / dashboard



包含AdminReport的块应该出现，但不是...我遗漏了什么？

The block containing the AdminReport should appear but it's not... I am missing something ?

这是我的config.yml

Here's my config.yml

sonata_admin:
    security:
        handler: sonata.admin.security.handler.acl
            information:
                GUEST:    [VIEW, LIST]
                STAFF:    [EDIT, LIST, CREATE]
                EDITOR:   [OPERATOR, EXPORT]
                ADMIN:    [MASTER]
            admin_permissions: [CREATE, LIST, DELETE, UNDELETE, EXPORT, OPERATOR, MASTER]
            object_permissions: [VIEW, EDIT, DELETE, UNDELETE, OPERATOR, MASTER, OWNER]

编辑
我尝试直接访问与该用户一起使用app_dev.php / admin / app / report / list，Symfony会引发访问被拒绝错误。日志显示

EDIT I tried to access directly app_dev.php/admin/app/report/list with this user, and Symfony throws an Access Denied error. Log says




DEBUG-访问被拒绝，用户既不是匿名用户也不是记住我。
而且，如果我访问app_dev.php / admin / app / report / list，它会起作用！

DEBUG - Access denied, the user is neither anonymous, nor remember-me. And if I access app_dev.php/admin/app/report/list it works !

所以我尝试更改从

sonata.admin.security.handler.acl

到

sonata.admin.security.handler.roles

的处理程序

它可以工作，因为我可以在管理面板中看到该块。我还尝试将

It works because I can see the block in admin dashboard. I also tried to change

access_decision_manager:
        strategy: unanimous

更改为

affirmative

，但它没有t工作...

but it doesn't work...

我肯定缺少什么，但是在哪里？

I am definitely missing something but where ?

推荐答案

SonataAdminBundle的PermissionMap扩展了Symfony的BasicPermissionMap。仅当您更改此默认配置时，AclVoter才支持属性 LIST和 EXPORT，并且可以投票授予所需的权限。

The PermissionMap of SonataAdminBundle extends Symfony's BasicPermissionMap. Only if you change this default configuration, the AclVoter supports the attributes 'LIST' and 'EXPORT' and can possibly vote to grant the wanted permissions.

parameters:
    security.acl.permission.map.class: Sonata\AdminBundle\Security\Acl\Permission\AdminPermissionMap

请参阅我对 AclVoter拒绝访问 LIST

这篇关于ACL + SonataAdminBundle + SonataUserBundle的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！