
add object to isGranted for object permissions in templates and controllers

Roel Sint 13 năm trước cách đây
mục cha
commit
7279598a5a

+ 12 - 12
Controller/CRUDController.php

@@ -185,10 +185,6 @@ class CRUDController extends Controller
      */
     public function deleteAction($id)
     {
-        if (false === $this->admin->isGranted('DELETE')) {
-            throw new AccessDeniedException();
-        }
-
         $id = $this->get('request')->get($this->admin->getIdParameter());
         $object = $this->admin->getObject($id);
 
@@ -196,6 +192,10 @@ class CRUDController extends Controller
             throw new NotFoundHttpException(sprintf('unable to find the object with id : %s', $id));
         }
 
+        if (false === $this->admin->isGranted('DELETE', $object)) {
+            throw new AccessDeniedException();
+        }
+
         if ($this->getRequest()->getMethod() == 'DELETE') {
             try {
                 $this->admin->delete($object);
@@ -222,10 +222,6 @@ class CRUDController extends Controller
      */
     public function editAction($id = null)
     {
-        if (false === $this->admin->isGranted('EDIT')) {
-            throw new AccessDeniedException();
-        }
-
         $id = $this->get('request')->get($this->admin->getIdParameter());
 
         $object = $this->admin->getObject($id);
@@ -234,6 +230,10 @@ class CRUDController extends Controller
             throw new NotFoundHttpException(sprintf('unable to find the object with id : %s', $id));
         }
 
+        if (false === $this->admin->isGranted('EDIT', $object)) {
+            throw new AccessDeniedException();
+        }
+
         $this->admin->setSubject($object);
 
         $form = $this->admin->getForm();
@@ -429,10 +429,6 @@ class CRUDController extends Controller
      */
     public function showAction($id = null)
     {
-        if (false === $this->admin->isGranted('VIEW')) {
-            throw new AccessDeniedException();
-        }
-
         $id = $this->get('request')->get($this->admin->getIdParameter());
 
         $object = $this->admin->getObject($id);
@@ -441,6 +437,10 @@ class CRUDController extends Controller
             throw new NotFoundHttpException(sprintf('unable to find the object with id : %s', $id));
         }
 
+        if (false === $this->admin->isGranted('VIEW', $object)) {
+            throw new AccessDeniedException();
+        }
+
         $this->admin->setSubject($object);
 
         // build the show list
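Review bot: In all three actions the object-level check `isGranted('DELETE', $object)` (likewise EDIT and VIEW) now runs only after `getObject($id)` and the `NotFoundHttpException` branch, so a caller with no permission on this admin at all can still learn whether a given id exists (404 versus 403) before authorization is decided; the removed class-level check ran before the lookup. If `isGranted('DELETE')` without a subject is still meaningful as a coarse class-level gate, keeping it at the top of the action, `if (false === $this->admin->isGranted('DELETE')) { throw new AccessDeniedException(); }`, and adding the object-level check after the lookup as the commit does closes that gap for deleteAction, editAction and showAction alike. The same reordering applies to the HelperController hunks below, where the 'Invalid permissions' response now follows the object-not-found response. Each action body continues outside its hunks.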

+ 7 - 7
Controller/HelperController.php

@@ -201,13 +201,6 @@ class HelperController
             ));
         }
 
-        // check user permission
-        if (false === $admin->isGranted('EDIT')) {
-            return new Response(json_encode(array('status' => 'KO', 'message' => 'Invalid permissions')), 200, array(
-                'Content-Type' => 'application/json'
-            ));
-        }
-
         $object = $admin->getObject($objectId);
 
         if (!$object) {
@@ -216,6 +209,13 @@ class HelperController
             ));
         }
 
+        // check user permission
+        if (false === $admin->isGranted('EDIT', $object)) {
+            return new Response(json_encode(array('status' => 'KO', 'message' => 'Invalid permissions')), 200, array(
+                'Content-Type' => 'application/json'
+            ));
+        }
+
         if ($context == 'list') {
             $fieldDescription = $admin->getListFieldDescription($field);
         } else {
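Review bot: The relocated permission check still answers a denied `EDIT` with HTTP 200 and a JSON body of `status: KO`, so a client that keys on the HTTP status cannot tell a permission failure from a successful inline edit without parsing the body; returning `403` in place of the `200` argument to `new Response(...)` would make the denial visible at the transport level. This is moved rather than new code, so it may be a deliberate convention of the inline-edit client and is worth confirming before changing. The enclosing method starts and ends outside the hunk.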

+ 1 - 1
Resources/views/CRUD/base_edit.html.twig

@@ -22,7 +22,7 @@ file that was distributed with this source code.
 {% block actions %}
     <div class="sonata-actions">
         <ul>
-            {% if admin.hasroute('show') and admin.id(object) and admin.isGranted('VIEW') and admin.show|length > 0 %}
+            {% if admin.hasroute('show') and admin.id(object) and admin.isGranted('VIEW', object) and admin.show|length > 0 %}
                 <li class="btn sonata-action-element"><a href="{{ admin.generateObjectUrl('show', object) }}">{% trans from 'SonataAdminBundle' %}link_action_show{% endtrans %}</a></li>
             {% endif %}
             {% if admin.hasroute('create') and admin.isGranted('CREATE')%}
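Review bot: The rewritten condition keeps `admin.hasroute('show')` in lower case while base_show.html.twig and delete.html.twig in this same commit write `admin.hasRoute('edit')`; the lower-case form resolves only because PHP method lookup is case-insensitive, and the inconsistency makes the templates harder to grep. Since the line is being touched anyway, `{% if admin.hasroute('show') and admin.id(object) and admin.isGranted('VIEW', object) and admin.show|length > 0 %}` could become `{% if admin.hasRoute('show') and admin.id(object) and admin.isGranted('VIEW', object) and admin.show|length > 0 %}`. The surrounding `actions` block continues outside the hunk.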

+ 2 - 2
Resources/views/CRUD/base_list_field.html.twig

@@ -10,9 +10,9 @@ file that was distributed with this source code.
 #}
 
 <td class="sonata-ba-list-field sonata-ba-list-field-{{ field_description.type }}" objectId="{{ admin.id(object) }}">
-    {% if field_description.options.identifier is defined and admin.isGranted('VIEW') %}
+    {% if field_description.options.identifier is defined and admin.isGranted('VIEW', object) %}
 
-        {% if admin.hasroute('edit') and admin.isGranted('EDIT') %}
+        {% if admin.hasroute('edit') and admin.isGranted('EDIT', object) %}
             <a href="{{ admin.generateObjectUrl('edit', object) }}">
         {% elseif admin.hasroute('show') and admin.show|length > 0 %}
             <a href="{{ admin.generateObjectUrl('show', object) }}">

+ 1 - 1
Resources/views/CRUD/base_show.html.twig

@@ -14,7 +14,7 @@ file that was distributed with this source code.
 {% block actions %}
     <div class="sonata-actions">
         <ul>
-            {% if admin.hasRoute('edit') and admin.isGranted('EDIT')%}
+            {% if admin.hasRoute('edit') and admin.isGranted('EDIT', object)%}
                 <li class="btn sonata-action-element"><a href="{{ admin.generateObjectUrl('edit', object) }}">{% trans from 'SonataAdminBundle' %}link_action_edit{% endtrans %}</a></li>
             {% endif %}
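Review bot: The new condition is written as `admin.isGranted('EDIT', object)%}` with no space before the closing `%}`, which the rest of this template and base_edit.html.twig do leave; since the line is already being rewritten, `{% if admin.hasRoute('edit') and admin.isGranted('EDIT', object) %}` would match the surrounding style. The same spacing appears on the corresponding line of delete.html.twig below. The `actions` block continues outside the hunk.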
 

+ 1 - 1
Resources/views/CRUD/delete.html.twig

@@ -14,7 +14,7 @@ file that was distributed with this source code.
 {% block actions %}
     <div class="sonata-actions">
         <ul>
-            {% if admin.hasRoute('edit') and admin.isGranted('EDIT')%}
+            {% if admin.hasRoute('edit') and admin.isGranted('EDIT', object)%}
                 <li class="btn sonata-action-element"><a href="{{ admin.generateObjectUrl('edit', object) }}">{% trans from 'SonataAdminBundle' %}link_action_edit{% endtrans %}</a></li>
             {% endif %}
 

+ 1 - 1
Resources/views/CRUD/list__action_delete.html.twig

@@ -1,4 +1,4 @@
-{% if admin.isGranted('DELETE') and admin.hasRoute('delete') %}
+{% if admin.isGranted('DELETE', object) and admin.hasRoute('delete') %}
     <a href="{{ admin.generateObjectUrl('delete', object) }}" class="delete_link" title="{% trans from 'SonataAdminBundle' %}action_delete{% endtrans %}">
         <img src="{{ asset('bundles/sonataadmin/famfamfam/delete.png') }}" alt="{% trans from 'SonataAdminBundle' %}action_delete{% endtrans %}" />
     </a>

+ 1 - 1
Resources/views/CRUD/list__action_edit.html.twig

@@ -1,4 +1,4 @@
-{% if admin.isGranted('EDIT') and admin.hasRoute('edit') %}
+{% if admin.isGranted('EDIT', object) and admin.hasRoute('edit') %}
     <a href="{{ admin.generateObjectUrl('edit', object) }}" class="edit_link" title="{% trans from 'SonataAdminBundle' %}action_edit{% endtrans %}">
         <img src="{{ asset('bundles/sonataadmin/famfamfam/page_white_edit.png') }}" alt="{% trans from 'SonataAdminBundle' %}action_edit{% endtrans %}" />
     </a>

+ 1 - 1
Resources/views/CRUD/list_boolean.html.twig

@@ -13,7 +13,7 @@ file that was distributed with this source code.
 
 {% block field %}
 {% spaceless %}
-{% if field_description.options.editable is defined and field_description.options.editable and admin.isGranted('EDIT') %}
+{% if field_description.options.editable is defined and field_description.options.editable and admin.isGranted('EDIT', object) %}
     {% if value %}
         <a href="{{ url('sonata_admin_set_object_field_value', { 'context': 'list', 'field': field_description.name, 'objectId': admin.id(object), 'value': 0, 'code': admin.code(object) }) }}" class="sonata-ba-action sonata-ba-edit-inline">
             <img