Identifier column does not fall back to show when edit is not allowed for user.
landure opened this issue · 3 comments
landure commented
Environment
Sonata packages
show
$ composer show --latest 'sonata-project/*'
Direct dependencies required in composer.json:
sonata-project/admin-bundle 4.22.4 4.22.4 The missing Symfony Admin Generator
sonata-project/block-bundle 4.19.0 4.19.0 Symfony SonataBlockBundle
sonata-project/doctrine-mongodb-admin-bundle 4.6.0 4.6.0 Symfony Sonata / Integrate Doctrine MongoDB ODM into the SonataAdminBundle
sonata-project/user-bundle 5.5.0 5.5.0 Symfony SonataUserBundle
Transitive dependencies not required in composer.json:
sonata-project/cache 2.2.0 2.2.0 Cache library
Package sonata-project/cache is abandoned, you should avoid using it. No replacement was suggested.
sonata-project/doctrine-extensions 2.1.0 2.1.0 Doctrine2 behavioral extensions
sonata-project/exporter 3.1.1 3.1.1 Lightweight Exporter library
sonata-project/form-extensions 1.18.0 1.18.0 Symfony form extensions
sonata-project/twig-extensions 2.0.0 2.0.0 Sonata twig extensions
Symfony packages
show
$ composer show --latest 'symfony/*'
Direct dependencies required in composer.json:
symfony/asset v6.1.11 v6.2.5 Manages URL generation and versioning of web assets such as CSS stylesheets, JavaScript files and image files
symfony/browser-kit v6.1.11 v6.2.5 Simulates the behavior of a web browser, allowing you to make requests, click on links and submit forms programmatically
symfony/console v6.1.11 v6.2.5 Eases the creation of beautiful and testable command line interfaces
symfony/css-selector v6.1.11 v6.2.5 Converts CSS selectors to XPath expressions
symfony/debug-bundle v6.1.11 v6.2.5 Provides a tight integration of the Symfony VarDumper component and the ServerLogCommand from MonologBridge into the Symfony full-stack framework
symfony/dependency-injection v6.1.12 v6.2.6 Allows you to standardize and centralize the way objects are constructed in your application
symfony/doctrine-messenger v6.1.11 v6.2.5 Symfony Doctrine Messenger Bridge
symfony/dotenv v6.1.11 v6.2.5 Registers environment variables from a .env file
symfony/expression-language v6.1.11 v6.2.5 Provides an engine that can compile and evaluate expressions
symfony/flex v2.2.4 v2.2.4 Composer plugin for Symfony
symfony/form v6.1.11 v6.2.5 Allows to easily create, process and reuse HTML forms
symfony/framework-bundle v6.1.11 v6.2.5 Provides a tight integration between Symfony components and the Symfony full-stack framework
symfony/http-client v6.1.12 v6.2.6 Provides powerful methods to fetch HTTP resources synchronously or asynchronously
symfony/intl v6.1.11 v6.2.5 Provides a PHP replacement layer for the C intl extension that includes additional data from the ICU library
symfony/mailer v6.1.11 v6.2.5 Helps sending emails
symfony/maker-bundle v1.48.0 v1.48.0 Symfony Maker helps you create empty commands, controllers, form classes, tests and more so you can forget about writing boilerplate code.
symfony/mercure-bundle v0.3.5 v0.3.5 Symfony MercureBundle
symfony/mime v6.1.11 v6.2.5 Allows manipulating MIME messages
symfony/monolog-bundle v3.8.0 v3.8.0 Symfony MonologBundle
symfony/notifier v6.1.11 v6.2.5 Sends notifications via one or more channels (email, SMS, ...)
symfony/phpunit-bridge v6.2.5 v6.2.5 Provides utilities for PHPUnit, especially user deprecation notices management
symfony/process v6.1.11 v6.2.5 Executes commands in sub-processes
symfony/property-access v6.1.11 v6.2.5 Provides functions to read and write from/to an object or array using a simple string notation
symfony/property-info v6.1.11 v6.2.5 Extracts information about PHP class' properties using metadata of popular sources
symfony/proxy-manager-bridge v6.1.11 v6.2.5 Provides integration for ProxyManager with various Symfony components
symfony/runtime v6.1.11 v6.2.5 Enables decoupling PHP applications from global state
symfony/security-bundle v6.1.12 v6.2.6 Provides a tight integration of the Security component into the Symfony full-stack framework
symfony/serializer v6.1.11 v6.2.5 Handles serializing and deserializing data structures, including object graphs, into array structures or other formats like XML and JSON.
symfony/stopwatch v6.1.11 v6.2.5 Provides a way to profile code
symfony/string v6.1.11 v6.2.5 Provides an object-oriented API to strings and deals with bytes, UTF-8 code points and grapheme clusters in a unified way
symfony/templating v6.1.11 v6.2.5 Provides all the tools needed to build any kind of template system
symfony/translation v6.1.11 v6.2.5 Provides tools to internationalize your application
symfony/twig-bundle v6.1.11 v6.2.5 Provides a tight integration of Twig into the Symfony full-stack framework
symfony/ux-chartjs v2.7.1 v2.7.1 Chart.js integration for Symfony
symfony/validator v6.1.11 v6.2.5 Provides tools to validate values
symfony/web-link v6.1.11 v6.2.5 Manages links between resources
symfony/web-profiler-bundle v6.1.11 v6.2.5 Provides a development tool that gives detailed information about the execution of any request
symfony/webpack-encore-bundle v1.16.1 v1.16.1 Integration with your Symfony app & Webpack Encore!
symfony/yaml v6.1.11 v6.2.5 Loads and dumps YAML files
Transitive dependencies not required in composer.json:
symfony/cache v6.1.11 v6.2.5 Provides extended PSR-6, PSR-16 (and tags) implementations
symfony/cache-contracts v3.2.0 v3.2.0 Generic abstractions related to caching
symfony/config v6.1.11 v6.2.5 Helps you find, load, combine, autofill and validate configuration values of any kind
symfony/deprecation-contracts v3.2.0 v3.2.0 A generic function and convention to trigger deprecation notices
symfony/doctrine-bridge v6.1.11 v6.2.5 Provides integration for Doctrine with various Symfony components
symfony/dom-crawler v6.1.11 v6.2.5 Eases DOM navigation for HTML and XML documents
symfony/error-handler v6.1.11 v6.2.5 Provides tools to manage errors and ease debugging PHP code
symfony/event-dispatcher v6.1.11 v6.2.5 Provides tools that allow your application components to communicate with each other by dispatching events and listening to them
symfony/event-dispatcher-contracts v3.2.0 v3.2.0 Generic abstractions related to dispatching event
symfony/filesystem v6.1.11 v6.2.5 Provides basic utilities for the filesystem
symfony/finder v6.1.11 v6.2.5 Finds files and directories via an intuitive fluent interface
symfony/http-client-contracts v3.2.0 v3.2.0 Generic abstractions related to HTTP clients
symfony/http-foundation v6.1.12 v6.2.6 Defines an object-oriented layer for the HTTP specification
symfony/http-kernel v6.1.12 v6.2.6 Provides a structured process for converting a Request into a Response
symfony/mercure v0.6.2 v0.6.2 Symfony Mercure Component
symfony/messenger v6.1.11 v6.2.5 Helps applications send and receive messages to/from other applications or via message queues
symfony/monolog-bridge v6.1.11 v6.2.5 Provides integration for Monolog with various Symfony components
symfony/options-resolver v6.1.11 v6.2.5 Provides an improved replacement for the array_replace PHP function
symfony/password-hasher v6.1.11 v6.2.5 Provides password hashing utilities
symfony/polyfill-intl-grapheme v1.27.0 v1.27.0 Symfony polyfill for intl's grapheme_* functions
symfony/polyfill-intl-icu v1.27.0 v1.27.0 Symfony polyfill for intl's ICU-related data and classes
symfony/polyfill-intl-idn v1.27.0 v1.27.0 Symfony polyfill for intl's idn_to_ascii and idn_to_utf8 functions
symfony/polyfill-intl-normalizer v1.27.0 v1.27.0 Symfony polyfill for intl's Normalizer class and related functions
symfony/polyfill-mbstring v1.27.0 v1.27.0 Symfony polyfill for the Mbstring extension
symfony/routing v6.1.11 v6.2.5 Maps an HTTP request to a set of configuration variables
symfony/security-acl v3.3.2 v3.3.2 Symfony Security Component - ACL (Access Control List)
symfony/security-core v6.1.11 v6.2.5 Symfony Security Component - Core Library
symfony/security-csrf v6.1.11 v6.2.5 Symfony Security Component - CSRF Library
symfony/security-http v6.1.12 v6.2.6 Symfony Security Component - HTTP Integration
symfony/service-contracts v3.2.0 v3.2.0 Generic abstractions related to writing services
symfony/translation-contracts v3.2.0 v3.2.0 Generic abstractions related to translation
symfony/twig-bridge v6.1.11 v6.2.5 Provides integration for Twig with various Symfony components
symfony/var-dumper v6.1.11 v6.2.5 Provides mechanisms for walking through any arbitrary PHP variable
symfony/var-exporter v6.1.11 v6.2.5 Allows exporting any serializable PHP data structure to plain PHP code
PHP version
$ php -v
PHP 8.1.2-1ubuntu2.10 (cli) (built: Jan 16 2023 15:19:49) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.2, Copyright (c) Zend Technologies
with Zend OPcache v8.1.2-1ubuntu2.10, Copyright (c), by Zend Technologies
with Xdebug v3.1.2, Copyright (c) 2002-2021, by Derick Rethans
Subject
Sonata Admin is configured with sonata_admin.options.default_admin_route set to 'edit' in config/packages/sonata_admin.yaml`.
The logged-in user has '_VIEW' and '_LIST' roles, but does not have '_EDIT' (nor '_DELETE') role.
In the list view, the columns added with addIdentifier method displays no links.
Expected results
Idealy, the identifier columns should drop back to the 'show' route when the 'edit' route access is not granted.
Proposed fix
In base_list_field.html.twig, drop back the route variable value to show when edit is not granted:
...
{% set route_name = field_description.option('route').name|default(sonata_config.getOption('default_admin_route')) %}
{% set route_parameters = field_description.option('route').parameters|default([]) %}
{# Set route_name to show when edit action is not allowed. #}
{% if route_name == 'edit' and not admin.hasAccess(route_name, object) %}
{% set route_name = 'show' %}
{% endif %}
{% if
field_description.option('identifier', false)
and admin.hasRoute(route_name)
and admin.hasAccess(route_name, route_name in ['show', 'edit'] ? object : null)
%}
...VincentLanglet commented
Sonata Admin is configured with sonata_admin.options.default_admin_route set to 'edit' in config/packages/sonata_admin.yaml`.
The default value is show, not edit.
Related to #7454
The route used was a mess
- Somewhere it was edit then show
- Somewhere it was show
- Somewhere it was edit
This was changed to a single route, that you can edit in your config.
And it seems like you decided to change it.
Currently, changing the code to say "If in your config you chose edit, but you can't access it, then display show" would be a BC break since not everybody will want this behavior.
The only solution I see would be to support array of route, but this would be a lot of complication for not a big wing...
landure commented
For information, an alternative solution is to use this in configureListFields(ListMapper $list) method:
$list->addIdentifier('field', fieldDescriptionOptions: [
'route' => ['name' => $this->hasAccess('edit') ? 'edit' : 'show';],
])VincentLanglet commented
For information, an alternative solution is to use this in
configureListFields(ListMapper $list)method:$list->addIdentifier('field', fieldDescriptionOptions: [ 'route' => ['name' => $this->hasAccess('edit') ? 'edit' : 'show';], ])
I think it's a good enough solution which doesn't need to add extra complexity to the sonata config