0
votes

I would like to secure SonataAdmin without SonataUserBundle, the reasons are:

  1. I'm using the latest Symfony version, and SonataUserBundle requires PHP 7, which I cannot update to (corporate policies).

  2. Previous versions of SonataUserBundle require Symfony 2.7 or lower, and I'm already too far into the project to downgrade Symfony.

User authentication is done via CAS and is working, but when trying to access /admin I get redirected back to /login.

For me role access will be more than enough, as Sonata instructs in https://sonata-project.org/bundles/admin/master/doc/reference/security.html

To secure the admin I'm using Symfony standard way to secure the routes:

access_control:
   - { path: ^/admin, role: [ROLE_USER, ROLE_STAFF, ROLE_ADMIN, ROLE_SUPER_ADMIN, ROLE_SOCIAL_WORKER_SUPER_ADMIN] }

Any guidance here will be very much appreciated.

Thanks

1
Yes you can. Just add the root in the firewall with restrictions. - Filchev

1 Answer

0
votes

SonataUserBundle isn't required for the rest of Sonata to function - it just adds functionality. You simply protect it as you have, with the standard Symfony access control firewall.

I've got a long-established app, originally from an early 2.7 and now at 3.2.8 with SonataAdmin for all of that time, and the only mention of SonataUserBundle is where it is suggested for sonata-project/intl-bundle "For user timezone detection".
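
As an added example (not part of the original question or answer), this is a Symfony 3.x-style security configuration that protects /admin with roles only and no SonataUserBundle. The file path, the firewall name `main` and the service id `app.cas_authenticator` are assumptions standing in for whatever the CAS integration actually registers.

```yaml
# app/config/security.yml (assumed Symfony 3.x layout; added example)
security:
    firewalls:
        main:                          # firewall name is an assumption
            # One firewall covers both /login and /admin, so the token
            # created by the CAS login is the one checked under /admin.
            pattern: ^/
            anonymous: ~
            guard:
                authenticators:
                    # Hypothetical service id for the CAS authenticator;
                    # replace with the entry your CAS bundle provides.
                    - app.cas_authenticator

    access_control:
        # Rules are evaluated top to bottom and the first matching path wins,
        # so the login page is opened up before the /admin rule.
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # With the default voter setup, holding any ONE of these roles grants
        # access. The user object built after CAS login must return at least
        # one of them from getRoles(), otherwise the request is denied.
        - { path: ^/admin, roles: [ROLE_USER, ROLE_STAFF, ROLE_ADMIN, ROLE_SUPER_ADMIN, ROLE_SOCIAL_WORKER_SUPER_ADMIN] }

# app/config/config.yml
sonata_admin:
    security:
        # Only needed for per-admin role checks inside Sonata. The default
        # handler (sonata.admin.security.handler.noop) performs no checks,
        # leaving access_control above as the only gate.
        handler: sonata.admin.security.handler.role
```

When a request to /admin bounces back to /login with a setup like this, the security panel of the Symfony profiler shows which firewall handled the request and which roles the authenticated token actually carries.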