I have integrated Sonata Admin Bundle with ACL and have the following configuration:
config.yml
sonata_admin:
    security:
        handler: sonata.admin.security.handler.acl
        # acl security information
        information:
            GUEST: [VIEW, LIST]
            MAINTAINER: [EDIT, LIST]
            STAFF: [EDIT, LIST, CREATE]
            EDITOR: [OPERATOR, EXPORT]
            ADMIN: [MASTER]
        # permissions not related to an object instance and also to be available when objects do not exist
        # the DELETE admin permission means the user is allowed to batch delete objects
        admin_permissions: [CREATE, LIST, DELETE, UNDELETE, EXPORT, OPERATOR, MASTER]
        # permission related to the objects
        object_permissions: [VIEW, EDIT, DELETE, UNDELETE, OPERATOR, MASTER, OWNER]
security.yml
security:
    role_hierarchy:
        ROLE_OPERATOR:
            - ROLE_ADMIN_BOOKING_ADMIN
            - ROLE_ADMIN_PAYMENT_ADMIN
The flow is that we create a booking object through the BookingAdmin class,
and in a Doctrine postPersist event listener I create the payment object.
$payment = new Payment();
//... set here
$this->entityManager->persist($payment);
$this->entityManager->flush();
The problem is in the list view: I cannot see the edit button, but I can delete.
When I run the command manually:
php bin/console sonata:admin:generate-object-acl
After that, I can see the edit button.
What am I doing wrong here? I am logged in with the same user.
Edit
After some research, I found the following: https://sonata-project.org/bundles/admin/2-3/doc/reference/security.html#acl-and-friendsofsymfony-userbundle
A listener must be implemented that creates the object Access Control List with the required rules if objects are created outside the Admin
What does this mean, and how should I apply the correct ACL roles in the listener?
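I think you are not specifying the actions you allow in enough detail... you only point to the admin, e.g. "ROLE_ADMIN_BOOKING_ADMIN"... according to the documentation, the configuration should be "ROLE_ADMIN_BOOKING_ADMIN_EDIT", for example, to allow this role to edit in your admin... write "ROLE_ADMIN_BOOKING_ADMIN_ALL" to allow editing everything...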
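The documentation sentence quoted in the question, as an added example that is not part of either post above: a small service that builds the object ACL for a Payment created outside the Admin, using the ACL security handler named in config.yml. `PaymentAclCreator`, the `App\Security` namespace and the injected Payment admin are hypothetical names; `TokenStorageInterface` assumes Symfony 2.6 or later.

```php
<?php
// Added example. PaymentAclCreator and the App\Security namespace are hypothetical.
namespace App\Security;

use Sonata\AdminBundle\Admin\AdminInterface;
use Sonata\AdminBundle\Security\Handler\AclSecurityHandlerInterface;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\User\UserInterface;

final class PaymentAclCreator
{
    private $paymentAdmin, $aclHandler, $tokenStorage;

    public function __construct(
        AdminInterface $paymentAdmin,
        AclSecurityHandlerInterface $aclHandler,
        TokenStorageInterface $tokenStorage
    ) {
        $this->paymentAdmin = $paymentAdmin;
        $this->aclHandler = $aclHandler;
        $this->tokenStorage = $tokenStorage;
    }

    // Call after flush(): the object identity is derived from the entity's id.
    public function createFor($payment)
    {
        $oid = ObjectIdentity::fromDomainObject($payment);

        // Reuse an existing ACL so a repeated call does not try to create a duplicate.
        $acl = $this->aclHandler->getObjectAcl($oid);
        if (null === $acl) {
            $acl = $this->aclHandler->createAcl($oid);
        }

        // Grant OWNER only when a real user is logged in (not for anonymous or CLI contexts).
        $token = $this->tokenStorage->getToken();
        $user = null !== $token ? $token->getUser() : null;
        if ($user instanceof UserInterface) {
            $this->aclHandler->addObjectOwner($acl, UserSecurityIdentity::fromAccount($user));
        }

        // Add one ACE per role from sonata_admin.security.information, limited to object_permissions.
        $roles = $this->aclHandler->buildSecurityInformation($this->paymentAdmin);
        $this->aclHandler->addObjectClassAces($acl, $roles);
        $this->aclHandler->updateAcl($acl);
    }
}
```

In the listener from the question, the call would go right after `$this->entityManager->flush();`, for example `$this->paymentAclCreator->createFor($payment);` (the property name is an assumption).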