SonataAdminBundle Security roles

Posted 2019-06-08 14:10

I'm trying to secure some admin in SonataAdminBundle.

I added SonataUserBundle with FOSUserBundle for login, so I can add users, groups and roles.

In security.yml:

role_hierarchy:
    ROLE_ADMIN: ROLE_ADMIN
    ROLE_IT: ROLE_IT
    ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_IT]


access_control:
    - { path: ^/sonata/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/sonata/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/sonata/login-check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/sonata, role: [ROLE_ADMIN] }
    - { path: ^/sonata/api/monolog, role: [ROLE_IT] }

I have to be connected to access Sonata.

But every user can access the route /sonata/api/monolog even if they don't have ROLE_IT.

How can I secure an Admin? And how can I display the link only if the user can access it?
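
Symfony enforces only the first access_control entry whose path matches, so in the configuration above the ^/sonata rule decides requests for /sonata/api/monolog before the ROLE_IT rule is reached. The following is an added example, not part of the original post and not Symfony's own code: a small Python model of that first-match evaluation over the posted rules, with the narrower rule moved up for comparison. The probe paths and function names are constructed for the illustration.

```python
import re

# Rules copied from the question's access_control, in the order posted.
POSTED = [
    (r"^/sonata/login$", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/sonata/logout$", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/sonata/login-check$", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    (r"^/sonata", ["ROLE_ADMIN"]),
    (r"^/sonata/api/monolog", ["ROLE_IT"]),
]
# Same rules with the narrower monolog pattern moved above the broad one.
REORDERED = POSTED[:3] + [POSTED[4], POSTED[3]]
# role_hierarchy from the question (self-referencing entries add nothing).
HIERARCHY = {"ROLE_SUPER_ADMIN": ["ROLE_ADMIN", "ROLE_IT"]}
# Constructed probe paths, one per area the rules are meant to cover.
PROBES = ["/sonata/login", "/sonata/logout", "/sonata/login-check",
          "/sonata/dashboard", "/sonata/api/monolog"]

def reachable_roles(roles):
    """Expand the user's roles through the hierarchy."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(HIERARCHY.get(role, []))
    return seen

def first_match(rules, path):
    """Return the first rule whose pattern matches; later rules are ignored."""
    for pattern, required in rules:
        if re.search(pattern, path):
            return pattern, required
    return None

def is_granted(rules, path, user_roles):
    rule = first_match(rules, path)
    if rule is None:
        return True  # no access_control entry restricts this path
    if "IS_AUTHENTICATED_ANONYMOUSLY" in rule[1]:
        return True
    # Assumption: one listed role is enough (every rule here lists exactly one).
    return bool(reachable_roles(user_roles) & set(rule[1]))

def shadowed(rules, probes):
    """Rules that never decide any probe path: an earlier rule always wins."""
    deciding = {m[0] for m in (first_match(rules, p) for p in probes) if m}
    return [pattern for pattern, _ in rules if pattern not in deciding]
```

Running `shadowed(POSTED, PROBES)` flags the monolog rule as unreachable, while `shadowed(REORDERED, PROBES)` returns an empty list.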

2 answers
来,给爷笑一个
#2 · 2019-06-08 14:38

The Admin user must have all roles in the active security token.

If you do not have all the roles in the current state, then you should activate the memory security provider, specify your account with all roles, and re-authenticate.

在下西门庆
#3 · 2019-06-08 14:40

Use ACL as the security handler.

Resources: SonataAdminBundle Security
