0
votes

I am trying to configure SonataAdmin to display certain entity management for different roles. I have read the Sonata docs and lots of Q&A on Stack Overflow, but cannot find the problem...

Problem:

If I log in as a ROLE_ADMIN user, I can see all blocks, so Sonata admin is working fine. But if I log in with another user, I just see an empty page with no blocks. I would say I only need to add the role ROLE_SONATA_CONTRACT to my user, but as it did not work I tried every role I could think of, including all roles auto-generated in the user admin form.

I can give more information from configs, now I just copied parts I think are relevant.

My config:

Reference: http://sonata-project.org/bundles/admin/master/doc/reference/security.html#role-handler

# services.yml
services:
  sonata.block.admin.contract:
    class: STH\OrderBundle\Admin\ContractAdmin
    tags:
    - { name: sonata.admin, manager_type: orm, group: "Orders", label: "Orders" }
    arguments: [null, STH\OrderBundle\Entity\Contract, SonataAdminBundle:CRUD ]

# security.yml
role_hierarchy:
    ROLE_SONATA_CONTRACT:
      - ROLE_SONATA_BLOCK_ADMIN_CONTRACT_VIEW
      - ROLE_SONATA_BLOCK_ADMIN_CONTRACT_GUEST

    ROLE_ADMIN:       [ROLE_USER, ROLE_ALLOWED_TO_SWITCH, ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT, ROLE_SONATA_PAGE_ADMIN_BLOCK_EDIT]
    ROLE_SUPER_ADMIN: ROLE_ADMIN

    SONATA:
      - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT  # if you are using acl then this line must be commented
      - ROLE_SONATA_PAGE_ADMIN_BLOCK_EDIT
access_decision_manager:
    strategy: unanimous

# config.yml
security:
    handler: sonata.admin.security.handler.role
    # acl security information
    information:
        GUEST:    [VIEW, LIST]
        STAFF:    [EDIT, LIST, CREATE]
        EDITOR:   [OPERATOR, EXPORT]
        ADMIN:    [MASTER, ROLE_ADMIN]
    # permissions not related to an object instance and also to be available when objects do not exist
    # the DELETE admin permission means the user is allowed to batch delete objects
    admin_permissions: [CREATE, LIST, DELETE, UNDELETE, EXPORT, OPERATOR, MASTER]
    # permission related to the objects
    object_permissions: [VIEW, EDIT, DELETE, UNDELETE, OPERATOR, MASTER, OWNER]

System: Symfony 2.5.2, SonataAdminBundle, SonataUserBundle, FOSUserBundle.

1 Answers

0
votes

I think you are not correctly defining your role hierarchies. Did you try something like:

role_hierarchy:

    ROLE_USER: [ROLE_SONATA_BLOCK_ADMIN_CONTRACT_VIEW,ROLE_SONATA_BLOCK_ADMIN_CONTRACT_GUEST ]
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: ROLE_ADMIN

Just to trigger some insights about the way you define your hierarchies. Hope it helps.
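
To compare the two role_hierarchy definitions above, the following added example (not part of the question or the answer) expands each hierarchy transitively and reports which per-admin roles a test user ends up holding. The helper names `reachableRoles` and `adminRole` are hypothetical, the role-name pattern is an assumption inferred from the roles shown in the question, and the permission names are taken from the question's config.yml.

```php
<?php
// Added illustration (PHP 7.1+), not code from the question or the answer.

// Every role reachable from $roles through a role_hierarchy map.
function reachableRoles(array $hierarchy, array $roles): array
{
    $seen = [];
    $queue = $roles;
    while ($queue) {
        $role = array_shift($queue);
        if (isset($seen[$role])) {
            continue; // already expanded; also stops cycles
        }
        $seen[$role] = true;
        // a hierarchy value may be a single role or a list of roles
        foreach ((array) ($hierarchy[$role] ?? []) as $child) {
            $queue[] = $child;
        }
    }
    return array_keys($seen);
}

// Assumption: role name = ROLE_ + upper-cased service id (dots -> underscores)
// + _PERMISSION, which matches ROLE_SONATA_BLOCK_ADMIN_CONTRACT_VIEW above.
function adminRole(string $serviceId, string $permission): string
{
    return 'ROLE_' . strtoupper(str_replace('.', '_', $serviceId)) . '_' . $permission;
}

$view  = 'ROLE_SONATA_BLOCK_ADMIN_CONTRACT_VIEW';
$guest = 'ROLE_SONATA_BLOCK_ADMIN_CONTRACT_GUEST';
$cases = [
    // [label, role_hierarchy as posted (page-admin roles omitted), roles stored on the user]
    ['question', ['ROLE_SONATA_CONTRACT' => [$view, $guest],
                  'ROLE_ADMIN' => ['ROLE_USER', 'ROLE_ALLOWED_TO_SWITCH'],
                  'ROLE_SUPER_ADMIN' => 'ROLE_ADMIN'], ['ROLE_SONATA_CONTRACT']],
    ['answer',   ['ROLE_USER' => [$view, $guest],
                  'ROLE_ADMIN' => 'ROLE_USER',
                  'ROLE_SUPER_ADMIN' => 'ROLE_ADMIN'], ['ROLE_USER']],
];

foreach ($cases as [$label, $hierarchy, $userRoles]) {
    $granted = reachableRoles($hierarchy, $userRoles);
    foreach (['LIST', 'VIEW', 'CREATE', 'EDIT', 'DELETE', 'EXPORT'] as $permission) {
        $role = adminRole('sonata.block.admin.contract', $permission);
        printf("%-8s %-40s %s\n", $label, $role, in_array($role, $granted, true) ? 'held' : 'missing');
    }
}
```

With either hierarchy the test user holds only the VIEW role from this list; LIST, CREATE, EDIT, DELETE and EXPORT are reported as missing.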