I have read widely and tried examples but still cannot get the hang of Symfony2 ROLEs and Sonata Admin. I have four levels of users,
- SuperAdmin which is basically me the developer
- Admin who is the application owner. He has access to everything except user/ group management. Admin adds an Agency who will get an email with credentials into system
- Agency who then adds the exployees of people(Facilitators) working for the project
- Facilitators who are Agency employees who enter field Entries into the system
I want in Sonata Admin, to:
- Facilitators to only see Entry management menu
- Agency to see Entry and Facilitator Management menus only
- Admin to see Agency,Entry and Facilitator management menus only
- SuperAdmin to see everything else including user and Group management generated by SonataUserBundle
Here is how my security.yml file looks like
security:
role_hierarchy:
ROLE_FACILITATOR:
- ROLE_USER
- ROLE_SONATA_ADMIN
- ROLE_SONATA_ADMIN_ENTRY_EDIT
- ROLE_SONATA_ADMIN_ENTRY_LIST
- ROLE_SONATA_ADMIN_ENTRY_CREATE
- ROLE_SONATA_ADMIN_ENTRY_VIEW
- ROLE_SONATA_ADMIN_ENTRY_DELETE
ROLE_AGENCY:
- ROLE_FACILITATOR
- ROLE_SONATA_ADMIN_FACILITATOR_EDIT
- ROLE_SONATA_ADMIN_FACILITATOR_LIST
- ROLE_SONATA_ADMIN_FACILITATOR_CREATE
- ROLE_SONATA_ADMIN_FACILITATOR_VIEW
- ROLE_SONATA_ADMIN_FACILITATOR_DELETE
ROLE_OLX_ADMIN:
- ROLE_AGENCY
- ROLE_SONATA_ADMIN
- ROLE_SONATA_ADMIN_AGENCY_EDIT
- ROLE_SONATA_ADMIN_AGENCY_LIST
- ROLE_SONATA_ADMIN_AGENCY_CREATE
- ROLE_SONATA_ADMIN_AGENCY_VIEW
- ROLE_SONATA_ADMIN_AGENCY_DELETE
ROLE_SUPER_ADMIN:
- ROLE_OLX_ADMIN
- ROLE_ALLOWED_TO_SWITCHS
