Develop Reference

Symfony acl and role hierarchy in dashboard

I am pretty new to symfony and try to handle that framework.
Use symfony 2.8 with sonata admin 2.3 and user bundle 2.2.5
Got some interesting situation with ACL roles adding.
I have 2 roles in my project(user and admin) and needed to add one more(manager), but got stuck on situation with total ignore of any of that new role.
I am allowed to log in with the no problems but no dashboard is loaded to the admin_pool.
It's a part of my security.yml with allowed roles.
acl:
connection: default
providers:
fos_userbundle:
id: fos_user.user_manager
role_hierarchy:
ROLE_USER: [VIEW, LIST]
ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
ROLE_DIVISION_MANAGER: [OPERATOR, EXPORT, MASTER, OWNER]
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
and a part of my config.yml
where roles should be influence dashboard view.
dashboard:
blocks:
-
position: left
type: sonata.admin.block.admin_list
settings:
groups: [sonata_divison]
groups:
grower.management:
label: "Grower Management"
roles: [ADMIN]
sonata_user:
label: "Users"
roles: [ADMIN]
sonata_divison:
label: "Division Management"
roles: [ROLE_DIVISION_MANAGER, DIVISION_MANAGER]
items:
- admin.grower
- sonata.user.admin.user
security:
handler: sonata.admin.security.handler.acl
# acl security information
information:
OPERATOR: OPERATOR
EXPORT: EXPORT
LIST: LIST
VIEW: VIEW
USER: [VIEW, LIST]
DIVISION_MANAGER: [OPERATOR, EXPORT]
ADMIN: [MASTER, OWNER]
Are there any thoughts why dashboard is blank for division manager?

Install FOS UserBundle

I'm following a tutorial to install this FOSUserBundle to my project.
I got my information from this french tutorial: http://www.tutodidacte.com/symfony2-installer-fosuserbundle
So I did those commands:
php ./composer.phar require friendsofsymfony/user-bundle "~2.0#dev"
php composer.phar update
Then I created a new Bundle,
php bin/console generate:bundle
Bundle Namespace : Kingdom/UserBundle
But after doing that, in the AppKernel i can see the new UserBundle, mais the FOSUserBundle isn't here.
I try to add it by myself writting it in the file; but after when i try to create an entity we can see something is clearly wrong.
Sorry for the presentation of this below...I haven't succeed to print it correctly.
php bin/console generate:doctrine:entity
Fatal error: Uncaught exception 'Symfony\Component\Config\Definition\Exception\I
nvalidConfigurationException' with message 'The child node "db_driver" at path "
fos_user" must be configured.' in C:\wamp\www\Kingdom\vendor\symfony\symfony\src
\Symfony\Component\Config\Definition\ArrayNode.php:240
Stack trace:
0 C:\wamp\www\Kingdom\vendor\symfony\symfony\src\Symfony\Component\Config\Defin
ition\BaseNode.php(303): Symfony\Component\Config\Definition\ArrayNode->finalize
Value(Array)
1 C:\wamp\www\Kingdom\vendor\symfony\symfony\src\Symfony\Component\Config\Defin
ition\Processor.php(37): Symfony\Component\Config\Definition\BaseNode->finalize(
Array)
2 C:\wamp\www\Kingdom\vendor\symfony\symfony\src\Symfony\Component\Config\Defin
ition\Processor.php(50): Symfony\Component\Config\Definition\Processor->process(
Object(Symfony\Component\Config\Definition\ArrayNode), Array)
3 C:\wamp\www\Kingdom\vendor\friendsofsymfony\user-bundle\DependencyInjection\F
OSUserExtension.php(51): Symfony\Component\Config\Definition\Processor->processC
onfigur in C:\wamp\www\Kingdom\vendor\symfony\symfony\src\Symfony\Component\Conf
ig\Definition\ArrayNode.php on line 240

It seems you haven't properly configured the bundle. Follow the steps here:
http://symfony.com/doc/current/bundles/FOSUserBundle/index.html
In your case, it seems you are missing at least this:
http://symfony.com/doc/current/bundles/FOSUserBundle/index.html#step-5-configure-the-fosuserbundle
EDIT: After reading your question again, it seems you're not loading the bundle properly, as described here:
http://symfony.com/doc/master/bundles/FOSUserBundle/index.html#step-2-enable-the-bundle

After Installation A bundle needs to be enabled in AppKernel.php file. FOSUserBundle needs a bit of configuration to make it work properly I have written a simple and easy guide on it:
https://www.cloudways.com/blog/implement-fosuserbundle-in-symfony-3-1/
Installation:
composer require friendsofsymfony/user-bundle "~2.0#dev"
Enabling Bundle in AppKernel.php
After installing FOSUserBundle you must enable it in the project. Go to app/config/AppKernel.php and add the highlighted line in the bundles array.
$bundles = [
...
new FOS\UserBundle\FOSUserBundle(),
]
Create User Entity
Create the User entity as you are creating above :)
Configuring Security.yml file
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager
# if you are using Symfony < 2.8, use the following config instead:
# csrf_provider: form.csrf_provider
logout: true
anonymous: true
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
Configure FOSUserBundle in a Config
Add this config in config.yml
fos_user:
db_driver: orm
firewall_name: main
user_class: AppBundle\Entity\User
Importing Route files of FOSUserBundle
Add this to import routes in Routing.yml
fos_user:
resource: "#FOSUserBundle/Resources/config/routing/all.xml"
Updating Database Schema
The last step is to update the database schema to create table in the database.
php bin/console doctrine:schema:update --force
Now move to the app URL add /login in it you will see the login page.

Referencing non-parameter entries in config.yml

I have quite extensive config .yml files and I'd like to refer to various settings there:
security:
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_USER: ROLE_ADMIN
easy_admin:
entities:
Group:
form:
fields:
-
property: 'roles'
type: choice
type_options:
expanded: true
multiple: true
choices: "%security.role_hierarchy%"
Of course the last line doesn't work because %security.role_hierarchy% refers to parameters.security.role_hierarchy. Is there any valid way to reference security.role_hierarchy in easy_admin section?

The only valid way to do that in YAML is using the standard feature anchors and aliases. Anchors (that what is going to be referenced) are indicated by &<name> and alias (one or more points where the anchor is referenced) are indicated by '*`:
security:
role_hierarchy: &hr1
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_USER: ROLE_ADMIN
easy_admin:
entities:
Group:
form:
fields:
-
property: 'roles'
type: choice
type_options:
expanded: true
multiple: true
choices: *hr1
The value for the mapping entry choices, when retrieved will be the mapping:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_USER: ROLE_ADMIN
(translated to the hash or dictionary like object of the programming language the YAML parser is written in), and is the same entity as the value for the key role_hierarchy.

Symfony user Role inheritance

I am currently working on a system using symfony (with FOSUserBundle), and i have multiple roles within the role_hierarchy, which i would like to utilize inheritance.
I have the role_hierarchy of:
role_hierarchy:
ROLE_MEMBER: ROLE_USER
ROLE_MONITOR: ROLE_MEMBER
ROLE_SUPERVISOR: ROLE_MONITOR
ROLE_MANAGER: ROLE_SUPERVISOR
ROLE_ADMIN: ROLE_MEMBER
ROLE_SUPER_ADMIN: [ROLE_MANAGER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
If the user i am logged in as has ROLE_SUPERVISOR and i call:
$this->get('security.context')->isGranted('ROLE_MONITOR')
I would expect this to return true, but it currently returns false.
Without adding every role to each user, is it possible to inherit roles so that if i called isGranted, it would check all other "related roles" within the hierarchy? and if so, how?

You need to put [] around your roles. This works as expected for me:
role_hierarchy:
ROLE_USER: []
ROLE_STAFF: [ROLE_USER]
ROLE_SCORE_ENTRY: [ROLE_USER, ROLE_STAFF]
ROLE_SCORE_ADMIN: [ROLE_USER, ROLE_STAFF, ROLE_SCORE_ENTRY]
ROLE_ASSIGNOR: [ROLE_STAFF]
ROLE_ASSIGNOR_KAC: [ROLE_ASSIGNOR]
ROLE_ASSIGNOR_CORE: [ROLE_ASSIGNOR]
ROLE_ASSIGNOR_EXTRA: [ROLE_ASSIGNOR]
ROLE_ASSIGNOR_ADMIN:
- ROLE_ASSIGNOR
- ROLE_ASSIGNOR_KAC
- ROLE_ASSIGNOR_CORE
- ROLE_ASSIGNOR_EXTRA
ROLE_DEVELOPER: [ROLE_USER]
ROLE_ADMIN:
- ROLE_STAFF
- ROLE_ASSIGNOR_ADMIN
- ROLE_SCORE_ADMIN
- ROLE_ALLOWED_TO_SWITCH
ROLE_SUPER_ADMIN:
- ROLE_ADMIN
- ROLE_DEVELOPER
- ROLE_ALLOWED_TO_SWITCH

How can delete default block of SonataUserBundle or SonataMediaBundle in SonataAdminbundle list?

I do not know how can delete the default block of UserBundle, MediaBundle (just one of them...).
This is my config.yml:
dashboard:
blocks:
# display a dashboard block
- { position: left, type: sonata.admin.block.admin_list }
# groups:
# sonata_page:
# label: Taules
# items:
# - sonata.admin.collection
# - sonata.admin.gender
# - sonata.admin.family
# - sonata.admin.color
# - sonata.admin.size
# - sonata.admin.article
And my security.yml:
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_SONATA_READER:
- ROLE_SONATA_ADMIN_LIST
- ROLE_SONATA_ADMIN_VIEW
ROLE_SONATA_EDITOR:
- ROLE_SONATA_ADMIN_CREATE
- ROLE_SONATA_ADMIN_EDIT
ROLE_SONATA_ADMIN:
- ROLE_SONATA_ADMIN_DELETE
- ROLE_SONATA_ADMIN_EXPORT
ROLE_STAFF: [ROLE_USER, ROLE_SONATA_READER]
ROLE_ADMIN: [ROLE_STAFF ,ROLE_SONATA_EDITOR, ROLE_SONATA_ADMIN]
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

You can use the Sonata AdminBundle security option to use the Role Handler, to let only one group the access to these administrations.
sonata_admin:
security:
handler: sonata.admin.security.handler.role