问题描述
在我的Symfony2项目中,我设法按照官方文档设置了FOSUserBundle + SonataUserBundle + SonataAdminBundle。现在是时候设置ACL(访问控制列表)了。
In my Symfony2 project I managed to setup FOSUserBundle + SonataUserBundle + SonataAdminBundle following official docs. Now comes the time to setup the ACL (Access control list).
我做了什么:
-
创建了一个名为AdminReport
Created an AdminClass called AdminReport
应用程序/控制台sonata:admin:setup-acl
app/console sonata:admin:setup-acl
install ACL for sonata.admin.report
update role: ROLE_SONATA_ADMIN_REPORT_GUEST, permissions: ["LIST"]
update role: ROLE_SONATA_ADMIN_REPORT_STAFF, permissions: ["LIST","CREATE"]
update role: ROLE_SONATA_ADMIN_REPORT_EDITOR, permissions: ["OPERATOR","EXPORT"]
- 创建了一个新用户,并授予他ROLE_SONATA_ADMIN_REPORT_STAFF
- app /控制台sonata:admin:generate-object-acl
- 以该用户身份登录并访问默认的/ admin / dashboard
包含AdminReport的块应该出现,但不是...我遗漏了什么?
The block containing the AdminReport should appear but it's not... I am missing something ?
这是我的config.yml
Here's my config.yml
sonata_admin:
security:
handler: sonata.admin.security.handler.acl
information:
GUEST: [VIEW, LIST]
STAFF: [EDIT, LIST, CREATE]
EDITOR: [OPERATOR, EXPORT]
ADMIN: [MASTER]
admin_permissions: [CREATE, LIST, DELETE, UNDELETE, EXPORT, OPERATOR, MASTER]
object_permissions: [VIEW, EDIT, DELETE, UNDELETE, OPERATOR, MASTER, OWNER]
编辑
我尝试直接访问与该用户一起使用app_dev.php / admin / app / report / list,Symfony会引发访问被拒绝错误。日志显示
EDITI tried to access directly app_dev.php/admin/app/report/list with this user, and Symfony throws an Access Denied error. Log says
所以我尝试更改从
sonata.admin.security.handler.acl
到
sonata.admin.security.handler.roles
的处理程序
它可以工作,因为我可以在管理面板中看到该块。我还尝试将
It works because I can see the block in admin dashboard. I also tried to change
access_decision_manager:
strategy: unanimous
更改为
affirmative
,但它没有t工作...
but it doesn't work...
我肯定缺少什么,但是在哪里?
I am definitely missing something but where ?
推荐答案
SonataAdminBundle的PermissionMap扩展了Symfony的BasicPermissionMap。仅当您更改此默认配置时,AclVoter才支持属性 LIST和 EXPORT,并且可以投票授予所需的权限。
The PermissionMap of SonataAdminBundle extends Symfony's BasicPermissionMap. Only if you change this default configuration, the AclVoter supports the attributes 'LIST' and 'EXPORT' and can possibly vote to grant the wanted permissions.
parameters:
security.acl.permission.map.class: Sonata\AdminBundle\Security\Acl\Permission\AdminPermissionMap
请参阅我对
这篇关于ACL + SonataAdminBundle + SonataUserBundle的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!