【Question title】: SonataAdmin: Prevent Admin From Deleting His Own Account
【Posted】: 2016-03-02 03:34:59
【Question】:

I am using SonataAdmin for a Symfony 2 project. Sometimes an admin user may accidentally delete his own account. How can I prevent an admin user from deleting his own account? Thanks!

【Comments】:

  • This may help: sonata-project.org/bundles/admin/2-3/doc/reference/… You can override the template and remove the checkbox if the user in that row is the admin.
  • I tried something like that. But one thing is that the user can still delete his account from the account edit page. So I probably need some code changes.

Tags: php symfony sonata-admin


【Solution 1】:

To prevent an admin from deleting his own account, you need to define your own CRUDController for the Sonata user by following ADVANCED CONFIGURATION:

admin:                  # Admin Classes
    user:
        class:          Sonata\UserBundle\Admin\Entity\UserAdmin
        controller:     YourUserBundle:CRUD
        translation:    SonataUserBundle

Then, in your controller, override batchActionDelete() and deleteAction(). In these functions, check whether the request contains the admin's own object/id and restrict the deletion there.

    public function deleteAction($id)
    {
        // Sonata passes the id via its own request parameter, so read it from there
        $id     = $this->get('request')->get($this->admin->getIdParameter());
        $object = $this->admin->getObject($id);

        if (!$object) {
            // requires: use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
            throw new NotFoundHttpException(sprintf('unable to find the object with id : %s', $id));
        }

        $userid = $this->getUser()->getId(); // id of the logged-in user
        if ($userid == $id) {
            $this->addFlash(
                'sonata_flash_error',
                'Error you cannot delete your own account'
            );

            return $this->redirectTo($object);
        }

        // other code from base class
    }

The same logic applies to the batchActionDelete() function.

【Discussion】:

    【Solution 2】:

    I use SonataUserBundle together with FOSUserBundle and ended up with the following solution.

    config.yml:

    parameters:
        sonata.user.admin.user.controller: AppBundle:CRUD\CRUD
    

    AppBundle\Controller\CRUD\CRUDController:

    <?php
    
    namespace AppBundle\Controller\CRUD;
    
    use Sonata\AdminBundle\Controller\CRUDController as Controller;
    use Sonata\AdminBundle\Datagrid\ProxyQueryInterface;
    use Symfony\Component\HttpFoundation\RedirectResponse;
    
    class CRUDController extends Controller
    {
        public function deleteAction($id)
        {
            $request = $this->getRequest();
            $id      = $request->get($this->admin->getIdParameter());
            $object  = $this->admin->getObject($id);
    
            if (!$object) {
                throw $this->createNotFoundException(sprintf('unable to find the object with id: %s', $id));
            }
    
            $currentUserId = $this->getUser()->getId(); // ID of the current user
            if ($currentUserId == $id) {
                $this->addFlash(
                    'sonata_flash_error',
                    'You cannot delete your own account.'
                );
    
                return $this->redirectTo($object);
            }
    
            return parent::deleteAction($id);
        }
    
        public function batchActionDelete(ProxyQueryInterface $query)
        {
            $request       = $this->getRequest();
            $currentUserId = $this->getUser()->getId(); // ID of the current user
            $selectedUsers = $query->execute();
    
            foreach ($selectedUsers as $selectedUser) {
                if ($selectedUser->getId() == $currentUserId) {
                    $this->addFlash(
                        'sonata_flash_error',
                        'You cannot delete your own account.'
                    );
    
                    return new RedirectResponse(
                        $this->admin->generateUrl('list', array('filter' => $this->admin->getFilterParameters()))
                    );
                }
            }
    
            return parent::batchActionDelete($query);
        }
    }
    


    【Discussion】:
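As an added example (not from the question or either answer), a second guard placed in the Admin class itself through Sonata's preRemove() hook, which Admin::delete() calls before the model manager removes the object, so the single-object delete path is rejected even if a controller override is missed. It assumes a custom AppBundle\Admin\UserAdmin configured as the user admin class and a setTokenStorage() setter wired to the security.token_storage service in the admin's service definition.

```php
<?php
// Added example: defense-in-depth guard in the Admin layer (assumed wiring:
// `calls: [[setTokenStorage, ['@security.token_storage']]]` on the admin service).

namespace AppBundle\Admin;

use Sonata\UserBundle\Admin\Entity\UserAdmin as BaseUserAdmin;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\User\UserInterface;

class UserAdmin extends BaseUserAdmin
{
    /** @var TokenStorageInterface */
    private $tokenStorage;

    public function setTokenStorage(TokenStorageInterface $tokenStorage)
    {
        $this->tokenStorage = $tokenStorage;
    }

    /**
     * Called by Admin::delete() before the model manager removes $object.
     * Fails closed: the deletion is refused with a 403 instead of silently
     * continuing, which is what you want for a destructive action.
     */
    public function preRemove($object)
    {
        $token       = $this->tokenStorage->getToken();
        $currentUser = $token ? $token->getUser() : null;

        // Cast both ids to string and compare strictly so that an int id on
        // the entity and a string id coming from the request cannot be confused
        // by PHP's loose comparison rules.
        if ($currentUser instanceof UserInterface
            && method_exists($currentUser, 'getId')
            && (string) $currentUser->getId() === (string) $object->getId()
        ) {
            throw new AccessDeniedException('You cannot delete your own account.');
        }

        parent::preRemove($object);
    }
}
```

Sonata's batchActionDelete() calls the model manager's batchDelete() directly and does not run admin hooks, so this guard does not replace the batchActionDelete() override shown in the answer; keep both.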
