未显示Sonata Admin中的restricted by role实体块

Question

我正在尝试配置SonataAdmin以显示不同角色的某些实体管理。阅读奏鸣曲文档，堆栈溢出上有很多QnA，找不到问题...

问题：

如果我作为ROLE_ADMIN用户登录，我可以看到所有的区块，所以sonata管理员工作得很好。但是如果我用其他用户登录，我只看到没有块的空页面。我会说，我只需要向我的用户添加角色ROLE_SONATA_CONTRACT，但由于它不起作用，我尝试了所有我能想到的角色，包括在用户管理表单中自动生成的所有角色。

我可以从配置中给出更多信息，现在我只是复制了我认为相关的部分。

我的配置：

参考：http://sonata-project.org/bundles/admin/master/doc/reference/security.html#role-handler

# services.yml
services:
  sonata.block.admin.contract:
    class: STH\OrderBundle\Admin\ContractAdmin
    tags:
    - { name: sonata.admin, manager_type: orm, group: "Orders", label: "Orders" }
    arguments: [null, STH\OrderBundle\Entity\Contract, SonataAdminBundle:CRUD ]

# security.yml
role_hierarchy:
    ROLE_SONATA_CONTRACT:
      - ROLE_SONATA_BLOCK_ADMIN_CONTRACT_VIEW
      - ROLE_SONATA_BLOCK_ADMIN_CONTRACT_GUEST

    ROLE_ADMIN:       [ROLE_USER, ROLE_ALLOWED_TO_SWITCH, ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT, ROLE_SONATA_PAGE_ADMIN_BLOCK_EDIT]
    ROLE_SUPER_ADMIN: ROLE_ADMIN

    SONATA:
      - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT  # if you are using acl then this line must be commented
      - ROLE_SONATA_PAGE_ADMIN_BLOCK_EDIT
access_decision_manager:
    strategy: unanimous

# config.yml
security:
    handler: sonata.admin.security.handler.role
    # acl security information
    information:
        GUEST:    [VIEW, LIST]
        STAFF:    [EDIT, LIST, CREATE]
        EDITOR:   [OPERATOR, EXPORT]
        ADMIN:    [MASTER, ROLE_ADMIN]
    # permissions not related to an object instance and also to be available when objects do not exist
    # the DELETE admin permission means the user is allowed to batch delete objects
    admin_permissions: [CREATE, LIST, DELETE, UNDELETE, EXPORT, OPERATOR, MASTER]
    # permission related to the objects
    object_permissions: [VIEW, EDIT, DELETE, UNDELETE, OPERATOR, MASTER, OWNER]

系统: Symfony 2.5.2，SonataAdminBundle，SonataUserBundle，FOSUserBundle。

Answer 1

我认为你没有正确地定义你的角色层级。你有没有尝试过这样的东西：

role_hierarchy:

    ROLE_USER: [ROLE_SONATA_BLOCK_ADMIN_CONTRACT_VIEW,ROLE_SONATA_BLOCK_ADMIN_CONTRACT_GUEST ]
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: ROLE_ADMIN

只是为了引发一些关于您定义层次结构的方式的见解。希望能有所帮助。