ACL extension for Sonata Admin
This bundle provides ACL list filtering for SonataAdminBundle.
When enabled, list screens only display data the logged in user has right to view., (*1)
This bundle is a good complementary of the SonataAdminBundle ACL editor., (*2)
, (*3)
Install
Be sure that SonataAdminBundle is working and has ACL enabled., (*4)
Install this bundle using composer:, (*5)
composer require mrgreenstuff/acl-sonata-admin-extension-bundle
Register the bundle in your AppKernel:, (*6)
// app/AppKernel.php
public function registerBundles()
{
return array(
// ...
new MrGreenStuff\Bundle\AclSonataAdminExtensionBundle\MrGreenStuffAclSonataAdminExtensionBundle(),
// ...
);
}
Enable
This extension is automatically enabled for all admins., (*7)
Special case (Master ACL Entity)
Enhancement By JUILLARD YOANN
Application example :
3 Tables : Shop, Product and Country
- Between this tables relation ManyToOne (1 Country have N Shop) (1 Shop have N products). It should be work on all relation types but it's not tested.
4 Users :
- Admin (SUPER_ADMIN)
- MainManager (NOT SUPER ADMIN !)
- EnglandManager
- FranceManager
Behavior expected :
- MainManager have OPERATOR ACL on all Countries so he can access to all shop and products of the matching country (even if ACL record for him not exists but because they have ACL access to the parent or the grand parent in this case all countries)
- EnglandManager or FranceManager can acces to all shop and products of the matching coutry (even if the products or shop has been created by MainManager or the SUPER_ADMIN without ACLs for this users but because they have ACL acces to the parent or the grand parent in this case only one country)
- Admin keep SUPER_ADMIN role (normal behavior)
Configuration :
- Create method : getMasterAclClass() on your sonata admin classes (only classes where you want to enabled the behavior). This method must return a string of master entity ACL like :
/*In Shop and Product admin classes*/
public function getMasterAclClass(){
return 'Acme\DemoBundle\Entity\Country';
}
- Create method getMasterAclPath() on your sonata admin classes (only classes where you want to enabled the behavior). This method must return a array like :
/*In Shop admin class*/
public function getMasterAclPath(){
return array(
array('coutry','c')
);
}
//Where 'country' is the property name of the Shop entity who made the relation with Country Entity and 'c' a unique identifier (IMPORTANT the unique shortcut identifier CANNOT BE 'o' because 'o' is the default identifier of Sonata Admin)
/*In Product admin class*/
public function getMasterAclPath(){
return array(
array('shop','s'),
array('coutry','c')
);
}
BE CAREFULL WHITH ORDER IN ARRAY IT MUST BE parent->grandParent->grandGrandParent... untill the MASTER ACL CLASS DEFINED ABOVE
DISABLED STRICT MODE (Enabled by default)
When an child object of master ACL is created by an user the ACL is still added like without the bundle.
When you delete the ACL acces to one record of the master class the users still can't acces to record created by him before the ACL master update (Even if ACL record defined him as owner).
If you want that users still can access to child record created by him before the ACL master update you have to disabled the stict mode :, (*8)
To do this write the method getMasterAclStrict() in the admin class., (*9)
public function getMasterAclStrict(){
return false;
}
Credits
Created by Kévin Dunglas for La Coopérative des Tilleuls., (*10)
Enhanced by JUILLARD Yoann, (*11)