0
votes

Well, I am trying to achieve this using Sonata Admin Bundle + FOSUserBundle + ACL.

Three levels of users: normal user, staff, super admin. When each user logs in, they are redirected to the admin dashboard but shown only some admin items (listing), and users other than super admin are allowed to edit only their own items.

I implemented everything as listed here: http://sonata-project.org/bundles/admin/2-3/doc/reference/security.html

I ran all the ACL commands (init and so on); everything is working fine.

But Sonata Admin roles are so confusing. Rather than editing the roles of every single user, I am assigning users to groups (creating 3 groups: normal, staff and super admin) and assigning roles to each group.

But I am really confused about what roles should be assigned to staff and normal users. If I assign the ROLE_SUPER_ADMIN role, the user is able to do everything.

If I assign only ROLE_SONATA_ADMIN to a group, the dashboard is empty, without any items.

So how can I achieve what I want? Thanks.

Current roles here: http://i59.tinypic.com/iwlkjt.jpg

1 Answer

1
votes

You should set permissions for each admin separately. In your picture I cannot see any admin bundles to manage permissions for, except the relation bundle (GalleryHasMedia), which is shown when you operate on a many-to-many relation. You only have permissions for ROLE_SONATA_MEDIA_ADMIN_GALLERY_HAS_MEDIA set for STAFF. I can imagine that you don't have blocks for this relation on the dashboard or in your left sidebar menu.

First of all, you should run this command every time you add any Admin (in case you didn't):

app/console sonata:admin:setup-acl

Assuming that you have SonataMediaBundle, you should have, among others, the following roles:

ROLE_SONATA_MEDIA_ADMIN_GALLERY_GUEST
ROLE_SONATA_MEDIA_ADMIN_GALLERY_STAFF
ROLE_SONATA_MEDIA_ADMIN_GALLERY_EDITOR
ROLE_SONATA_MEDIA_ADMIN_GALLERY_ADMIN

Assuming that you configured your permissions as follows:

sonata_admin:
    security:
        handler: sonata.admin.security.handler.acl
        # acl security information
        information:
            GUEST:    [VIEW, LIST]
            STAFF:    [EDIT, LIST, CREATE]
            EDITOR:   [OPERATOR, EXPORT]
            ADMIN:    [MASTER]

        admin_permissions: [CREATE, LIST, DELETE, UNDELETE, EXPORT, OPERATOR, MASTER]

So if you want user X:

  • to see the Gallery list, then you should give him GUEST permissions on the given Admin
  • to see the Gallery list, edit own items and create new ones, then you should give him STAFF permissions on the given Admin
  • to see the Gallery list, edit all items and create new ones, then you should give him OPERATOR permissions on the given Admin
  • to do everything else (i.e. delete, change permissions), set MASTER permissions on the given Admin

Try also to extend your ROLE_ADMIN hierarchy (at app/config/security.yml):

ROLE_ADMIN:             [ROLE_STAFF, ROLE_SONATA_EDITOR, ROLE_SONATA_ADMIN]

Regards.
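To make the role naming and the "empty dashboard" effect concrete, here is a small added example (not Sonata's or Symfony's own code) that models how a user's roles turn into per-admin permissions: roles are expanded through a security.yml-style hierarchy, a super-admin role bypasses the ACL checks, and each ROLE_<ADMIN_CODE>_<LEVEL> role contributes the permissions listed for that level in the `information` map above. An admin only appears on the dashboard when LIST is granted on it. The role hierarchy beyond the ROLE_ADMIN line from the answer, the group-to-roles mapping, and the admin codes are constructed for the example; the OPERATOR/MASTER expansion follows Symfony's MaskBuilder semantics, with sets standing in for bit masks.

```python
"""Simplified model of how Sonata Admin turns a user's roles into per-admin
permissions and dashboard visibility.

Added example, not Sonata's or Symfony's own code. The role hierarchy,
group role sets and admin codes are constructed; the `information` map is
the one from the answer.
"""

# Level -> permissions, as in the sonata_admin config from the answer.
INFORMATION = {
    "GUEST": {"VIEW", "LIST"},
    "STAFF": {"EDIT", "LIST", "CREATE"},
    "EDITOR": {"OPERATOR", "EXPORT"},
    "ADMIN": {"MASTER"},
}

# Aggregate permissions, modelled on Symfony's MaskBuilder: OPERATOR bundles the
# basic actions, MASTER adds permission management. Sets stand in for bit masks.
BASIC = {"VIEW", "LIST", "EDIT", "CREATE", "DELETE", "UNDELETE", "EXPORT"}
IMPLIED = {
    "OPERATOR": BASIC | {"OPERATOR"},
    "MASTER": BASIC | {"OPERATOR", "MASTER"},
}
ALL_PERMISSIONS = IMPLIED["MASTER"]

# Roles that bypass every ACL check. Sonata's default is ROLE_SUPER_ADMIN, which
# is why assigning it lets a user do everything.
SUPER_ADMIN_ROLES = {"ROLE_SUPER_ADMIN"}

# Constructed security.yml-style role hierarchy; the ROLE_ADMIN entry is the
# one the answer suggests, the other entries are assumptions for this example.
ROLE_HIERARCHY = {
    "ROLE_SUPER_ADMIN": ["ROLE_ADMIN", "ROLE_ALLOWED_TO_SWITCH"],
    "ROLE_ADMIN": ["ROLE_STAFF", "ROLE_SONATA_EDITOR", "ROLE_SONATA_ADMIN"],
    "ROLE_STAFF": ["ROLE_USER"],
}

# Constructed admin service codes (the gallery one matches the roles in the answer).
ADMIN_CODES = ["sonata.media.admin.gallery", "sonata.media.admin.media"]


def base_role(admin_code):
    """Sonata derives per-admin roles from the admin code: upper-case it,
    replace dots with underscores, then append _<LEVEL>."""
    return "ROLE_" + admin_code.upper().replace(".", "_")


def reachable_roles(roles, hierarchy):
    """Expand roles through the hierarchy, as Symfony's RoleHierarchy does."""
    seen = set()
    stack = list(roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(hierarchy.get(role, []))
    return seen


def admin_permissions(user_roles, admin_code, hierarchy=ROLE_HIERARCHY):
    """Class-level permissions a user holds on one admin.

    Super-admin roles short-circuit; otherwise each ROLE_<ADMIN>_<LEVEL> the
    user reaches contributes the permissions listed for that level.
    """
    roles = reachable_roles(user_roles, hierarchy)
    if roles & SUPER_ADMIN_ROLES:
        return set(ALL_PERMISSIONS)
    granted = set()
    base = base_role(admin_code)
    for level, perms in INFORMATION.items():
        if f"{base}_{level}" in roles:
            for perm in perms:
                granted |= IMPLIED.get(perm, {perm})
    return granted


def dashboard_admins(user_roles, admin_codes=ADMIN_CODES, hierarchy=ROLE_HIERARCHY):
    """An admin shows up on the dashboard only when LIST is granted on it.
    ROLE_SONATA_ADMIN by itself carries no per-admin role, so it yields an
    empty dashboard (it typically only satisfies the /admin access_control)."""
    return [code for code in admin_codes
            if "LIST" in admin_permissions(user_roles, code, hierarchy)]


GALLERY = base_role("sonata.media.admin.gallery")

# Constructed group -> roles mapping for the three groups in the question,
# plus the "only ROLE_SONATA_ADMIN" case the question describes.
GROUP_ROLES = {
    "normal": ["ROLE_SONATA_ADMIN", GALLERY + "_GUEST"],
    "staff": ["ROLE_SONATA_ADMIN", GALLERY + "_STAFF"],
    "super admin": ["ROLE_SUPER_ADMIN"],
    "only ROLE_SONATA_ADMIN": ["ROLE_SONATA_ADMIN"],
}

if __name__ == "__main__":
    for group, roles in GROUP_ROLES.items():
        print(f"{group}: dashboard={dashboard_admins(roles)}")
        for code in ADMIN_CODES:
            print(f"  {code}: {sorted(admin_permissions(roles, code))}")
```

Running it shows the pattern from the answer: a group holding only ROLE_SONATA_ADMIN sees no admins at all, the GUEST role on the gallery admin makes it appear in the listing with VIEW and LIST, the STAFF role adds EDIT and CREATE, and ROLE_SUPER_ADMIN is granted everything on every admin without any per-admin role. The same per-admin roles have to be added to the group for every admin the group should see.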