I have Sonata Admin set up with ACLs. I have different users, groups and permissions which work fine. To achieve this, I followed the Sonata Admin documentation on ACLs.
So here is my question: What is a clean way to ensure that backend (admin) users can only view, edit and delete the entities they created with Symfony's and Sonata Admin's built-in ACL mechanisms? Sonata Admin automatically stores the owner (creator) of the object once it is persisted in the ACL tables (from the Sonata docs):
Owner: when an object is created, the currently logged in user is set as owner for that object and is granted all access for that object;
The same question has already been answered on Stack Overflow, but the answer does not explain in detail how to solve it with ACLs.
There is a new Symfony bundle doing just that: https://github.com/coopTilleuls/CoopTilleulsAclSonataAdminExtensionBundle
All you need to do is enable ACL in Sonata Admin, install the bundle and activate it. Pretty easy and effective; I use it in my Symfony2 project with Sonata Admin 2.2.
I saw 2 ways to do that:
CreateQuery()
I was not able to do any of these for doing the very simple thing that I needed, but I think this is the idea.
Actually this is one of many Symfony things on which I spent many hours and thousands of lines of code without big success... Such simple needs should not be as much of a pain in the arse...
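A sketch of the createQuery() approach mentioned in the answer above, added here as an example and not taken from any of the posts or from Sonata's own code. It assumes Symfony 2.x (the `security.context` service), the Doctrine ORM admin, and a hypothetical `Post` entity with a many-to-one `owner` association and a `setOwner()` method; the class and namespace names are placeholders.

```php
<?php
// Added example. PostAdmin, the "owner" field and setOwner() are assumptions.
namespace Acme\DemoBundle\Admin;

use Sonata\AdminBundle\Admin\Admin;

class PostAdmin extends Admin
{
    // Narrow the list query to rows owned by the current backend user.
    public function createQuery($context = 'list')
    {
        $query = parent::createQuery($context);
        $securityContext = $this->getSecurityContext();

        // Super admins keep the unfiltered list.
        if ($securityContext->isGranted('ROLE_SUPER_ADMIN')) {
            return $query;
        }

        $alias = current($query->getRootAliases());
        $query->andWhere($alias . '.owner = :owner');
        $query->setParameter('owner', $securityContext->getToken()->getUser());

        return $query;
    }

    // Record the creator on the entity so the filter above has data to match.
    public function prePersist($object)
    {
        $object->setOwner($this->getSecurityContext()->getToken()->getUser());
    }

    private function getSecurityContext()
    {
        return $this->getConfigurationPool()
            ->getContainer()
            ->get('security.context');
    }
}
```

createQuery() only narrows the list view: edit, show and delete load the object by id through the model manager, so requests to a guessed URL are stopped only by the object-level `isGranted('EDIT', $object)` style checks that the ACL security handler performs. Keep ACL enabled alongside a filter like this one.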