I have installed SonataAdminBundle and configured it to manage my entities. However, I have 2 admin roles, ROLE_ADMIN and ROLE_SUPER_ADMIN, and I want to limit access to some Admin services for ROLE_ADMIN. I'm using this in the security.yml file:
    access_control:
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/ads, roles: ROLE_SUPER_ADMIN }
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
It works perfectly: when a user with ROLE_ADMIN clicks on the manage Ads link, he ends up on the Access denied page. But I want to hide this link in the menu in the top nav and on the Dashboard page. How do I do this? Thanks
The default security handler of the SonataAdminBundle is the NOOP implementation, which always returns true. You have to change the security configuration of the admin bundle.
With the role-based security handler you have to add roles to the security.yml config as described here. For every admin class there is a number of roles you have to add to your base role in the role hierarchy. If you have an admin class with the id my_bundle.admin.object and my_bundle.admin.protected_object:
    security:
        role_hierarchy:
            ROLE_SUPER_ADMIN:
                - ROLE_USER
                - ROLE_ADMIN
                - ROLE_ALLOWED_TO_SWITCH
                - ROLE_MY_BUNDLE_ADMIN_PROTECTED_OBJECT_LIST
                - ROLE_MY_BUNDLE_ADMIN_PROTECTED_OBJECT_EDIT
                ....
            ROLE_ADMIN:
                - ROLE_USER
                - ROLE_SONATA_USER_ADMIN_USER_EDIT
                - ROLE_SONATA_USER_ADMIN_USER_LIST
                - ROLE_MY_BUNDLE_ADMIN_OBJECT_LIST
                - ROLE_MY_BUNDLE_ADMIN_OBJECT_EDIT
                ...
You might have to enumerate all admin/action combinations as roles. Maybe implementing a custom security handler based on the RoleSecurityHandler is a better choice if you have a large number of admin classes.
Note: I don't know too much about ACLs in Symfony, nor the AclSecurityHandler.
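Added example (not part of the answer above and not SonataAdminBundle code): a standalone PHP sketch that builds the per-admin role names in the pattern the answer shows and checks, by following the hierarchy transitively, that ROLE_ADMIN cannot reach any role of the protected admin. The helper names `adminRole` and `reachableRoles` are hypothetical, and the hierarchy array is a constructed copy of the answer's YAML without the ROLE_SONATA_USER_* entries.

```php
<?php
// Added example; helper names are hypothetical, input data is constructed.

/** Role name for an admin service id and action, in the pattern shown in the answer. */
function adminRole(string $adminId, string $action): string
{
    return 'ROLE_' . strtoupper(str_replace('.', '_', $adminId)) . '_' . strtoupper($action);
}

/** Every role reachable from $role through the hierarchy (transitive closure). */
function reachableRoles(array $hierarchy, string $role): array
{
    $seen = [];
    $stack = [$role];
    while ($stack) {
        $current = array_pop($stack);
        if (isset($seen[$current])) {
            continue; // already expanded; also guards against cycles
        }
        $seen[$current] = true;
        foreach ($hierarchy[$current] ?? [] as $child) {
            $stack[] = $child;
        }
    }
    return array_keys($seen);
}

// The two admin ids and the two actions (LIST, EDIT) used in the answer.
$actions   = ['LIST', 'EDIT'];
$open      = array_map(fn($a) => adminRole('my_bundle.admin.object', $a), $actions);
$protected = array_map(fn($a) => adminRole('my_bundle.admin.protected_object', $a), $actions);

// Constructed copy of the role_hierarchy from the answer.
$hierarchy = [
    'ROLE_ADMIN'       => array_merge(['ROLE_USER'], $open),
    'ROLE_SUPER_ADMIN' => array_merge(['ROLE_USER', 'ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'], $protected),
];

// Least-privilege check: which base roles end up holding protected-admin roles?
foreach (['ROLE_ADMIN', 'ROLE_SUPER_ADMIN'] as $base) {
    $held = array_intersect($protected, reachableRoles($hierarchy, $base));
    printf("%s reaches %d of %d protected roles\n", $base, count($held), count($protected));
}
```

Because ROLE_SUPER_ADMIN lists ROLE_ADMIN as a child, it also inherits the non-protected admin's roles, which is why only the protected roles need to be attached to it directly.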
In your template, do something like:
    {% if is_granted('ROLE_ADMIN') %}
        <li><a href="{{ path('zayso_natgames_admin') }}">Admin</a></li>
    {% endif %}
If these templates are in the Sonata bundle then you will need to override them in your app directory.