We are running in a project which sort of looks like so:
The customers can login to a controlpanel in which they can edit information. The information they edited will be pulled via a REST API by other software (this allready works in a previous version).
Actually the base of our application is actually the same as the SonataAdminBundle. But as far as I know I can not filter data viewed in the SonataAdminBundle by which user is logged in.
For example:
- User1, User2 and User3 are employees from Customer1. They only need to see the data they all added from Customer1
- When a new customer Customer2 is added to the system some users are also created User10 and User11. They only need to see information about Customer2 and not the information added by Customer1 (and vise versa)
Is this possible by using only the SonataAdminBundle? Or do we have to create our own software which is be able to to this?
I know that we have to create all different manytomany or onetomany relations, but that isn't any problem. The main question is, can I filter data by the user that is currently logged in? And when logged in as an admin or super admin no data filter must be applied.
Thanks in advance!
Yes it is possible to use only SonataAdminBundle.
First of all, the user access data by the different list view, so you need to override the createQuery method of your Admin class to display the right Customer.
(Don't forget to inject @security.context service)
Then you need to securise all the other action (show, edit and delete) to prevent the user to access to the other Customers.
To do that i override my Controller's actions and i add my own logic before calling the parent method.
Perhaps there are better methods..