Good day!
I really can't find the answer to my problem. I would be grateful for any help.
So. There is a project on symfony 2.8. There is a module SonataAdminBundle + FOSUserBundle. I created several services: User, Flat and Admin.
Log in to the admin area is provided in the presence of ROLE_USER and more. When logging in to the admin panel with ROLE_SUPER_ADMIN, all services are visible, and when logging in with ROLE_USER, no services are visible. Various manipulations with the code did not produce any results, maybe someone knows how to properly Provide the user with ROLE_USER access to the Admin service ???

security.yml

security: role_hierarchy: ROLE_ADMIN: ROLE_USER ROLE_SUPER_ADMIN: ROLE_ADMIN access_control: - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/admin/, role: ROLE_USER }

services.yml

 services: admin.admin: class: Flatbel\FlatBundle\Admin\AdminAdmin arguments: [~, Flatbel\FlatBundle\Entity\Flat,~] tags: - { name: sonata.admin, manager_type: orm, label: Admin}

AdminAdmin.php

 class AdminAdmin extends AbstractAdmin

{

 protected function configureFormFields(FormMapper $formMapper) { $formMapper ->add('id') ->add('userid') ; } protected function configureListFields(ListMapper $listMapper) { $listMapper ->addIdentifier('id') ->addIdentifier('userid') ; } public function toString($object) { return $object instanceof User ? $object->getUsername() : 'Flat'; // shown in the breadcrumb on the create view } protected function configureDatagridFilters(DatagridMapper $datagridMapper) { $datagridMapper ->add('id') ->add('userid') ; }

}

    1 answer 1

    The need to give the user access to the administrative section with the same services sounds like letting the user be a super admin. Assign a default role ROLE_SUPER_ADMIN to all users.

    This solution sounds very strange, but this is what will solve your problem, and it fully answers your question.

    If you still do not want to make all users administrators, then you better look in the direction of a separate space for them (Profile). Sonata Demo . Try to go to the administrative section for a regular user and for the administrator, the difference you will immediately understand the essence of the implementation.

    Or you can refer to the role-sharing of admins with the help of Voters, if, again, you do not want all services to be accessible to all. Then for all users, by default you set ROLE_SUPER_ADMIN , and for cool admin ROLE_CHUCK_NORRIS (but better ROLE_SITE_OWNER ), which you will give access to closed services with Voters.

    This role must be inherited from ROLE_SUPER_ADMIN , since all insides (default configs) of the sonatas are sharpened for it.