
Add templates to integrate the Sonata Admin Bundle

Thomas Rabaix há 13 anos atrás
pai
commit
88a962818d

+ 53 - 0
Controller/AdminSecurityController.php

@@ -0,0 +1,53 @@
+<?php
+
+/*
+ * This file is part of the FOSUserBundle package.
+ *
+ * (c) FriendsOfSymfony <http://friendsofsymfony.github.com/>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Sonata\UserBundle\Controller;
+
+use FOS\UserBundle\Controller\SecurityController;
+
+use Symfony\Component\DependencyInjection\ContainerAware;
+use Symfony\Component\Security\Core\SecurityContext;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+
+class AdminSecurityController extends SecurityController
+{
+    public function loginAction()
+    {
+        $request = $this->container->get('request');
+        /* @var $request \Symfony\Component\HttpFoundation\Request */
+        $session = $request->getSession();
+        /* @var $session \Symfony\Component\HttpFoundation\Session */
+
+        // get the error if any (works with forward and redirect -- see below)
+        if ($request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)) {
+            $error = $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR);
+        } elseif (null !== $session && $session->has(SecurityContext::AUTHENTICATION_ERROR)) {
+            $error = $session->get(SecurityContext::AUTHENTICATION_ERROR);
+            $session->remove(SecurityContext::AUTHENTICATION_ERROR);
+        } else {
+            $error = '';
+        }
+
+        if ($error) {
+            // TODO: this is a potential security risk (see http://trac.symfony-project.org/ticket/9523)
+            $error = $error->getMessage();
+        }
+        // last username entered by the user
+        $lastUsername = (null === $session) ? '' : $session->get(SecurityContext::LAST_USERNAME);
+
+        return $this->container->get('templating')->renderResponse('SonataUserBundle:Admin:Security/login.html.'.$this->container->getParameter('fos_user.template.engine'), array(
+            'last_username' => $lastUsername,
+            'error'         => $error,
+            'base_template' => $this->container->get('sonata.admin.pool')->getTemplate('layout'),
+            'admin_pool'    => $this->container->get('sonata.admin.pool')
+        ));
+    }
+}
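Review bot: The raw exception text reaches the template through `$error = $error->getMessage();`, which the TODO above it already marks as a risk. Depending on the exception type, the text may differ between an unknown account and a wrong password, so the admin login page could reveal which usernames exist. The same line calls `getMessage()` on any truthy value, so a non-exception value stored under `SecurityContext::AUTHENTICATION_ERROR` would cause a fatal error. I would narrow it with the imported but unused class, `$error = $error instanceof AuthenticationException ? 'Bad credentials' : '';`, and keep the original message for server-side logs only. The `ContainerAware` import is unused, and the file header names the FOSUserBundle package although the namespace is `Sonata\UserBundle`.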

+ 18 - 0
Resources/config/routing/admin_security.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<routes xmlns="http://symfony.com/schema/routing"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://symfony.com/schema/routing http://symfony.com/schema/routing/routing-1.0.xsd">
+
+    <route id="sonata_user_admin_security_login" pattern="/login">
+        <default key="_controller">SonataUserBundle:AdminSecurity:login</default>
+    </route>
+
+    <route id="sonata_user_admin_security_check" pattern="/login_check">
+        <default key="_controller">SonataUserBundle:AdminSecurity:check</default>
+    </route>
+
+    <route id="sonata_user_admin_security_logout" pattern="/logout">
+        <default key="_controller">SonataUserBundle:AdminSecurity:logout</default>
+    </route>
+</routes>
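Review bot: The check route resolves to `/admin/login_check` under the `/admin` prefix shown in installation.rst, but the access-control example in the same commit lists `^/admin/login-check$` with a hyphen. That rule therefore does not appear to match this route, and the request would fall through to the `^/admin` role rule; the two should use one spelling. All three routes also accept every HTTP method, and the check route could be limited with `<requirement key="_method">POST</requirement>`. `AdminSecurity:check` and `AdminSecurity:logout` are not defined in the new controller, so they presumably come from the FOSUserBundle parent class; a short XML comment saying so would help.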

+ 82 - 0
Resources/doc/reference/installation.rst

@@ -109,3 +109,85 @@ Then add these bundles in the config mapping definition (or enable `auto_mapping
                     mappings:
                         ApplicationSonataUserBundle: ~
                         SonataUserBundle: ~
+
+
+Integrating the bundle into the Sonata Admin Bundle
+---------------------------------------------------
+
+Add the related security routing information
+
+.. code-block:: yaml
+
+    soanata_user:
+        resource: '@SonataUserBundle/Resources/config/routing/admin_security.xml'
+        prefix: /admin
+
+
+Then add a new custom firewall handlers for the admin
+
+.. code-block:: yaml
+
+    security:
+        role_hierarchy:
+            ROLE_ADMIN:       ROLE_USER
+            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
+            SONATA:
+                - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT  # if you are not using acl then this line must be uncommented
+
+        providers:
+            fos_userbundle:
+                id: fos_user.user_manager
+
+        firewalls:
+
+            # -> custom firewall for the admin area of the URL
+            admin:
+                pattern:      /admin(.*)
+                form_login:
+                    provider:       fos_userbundle
+                    login_path:     /admin/login
+                    use_forward:    false
+                    check_path:     /admin/login_check
+                    failure_path:   null
+                logout:
+                    path:           /admin/logout
+                anonymous:    true
+            # -> end custom configuration
+
+            # defaut login area for standard users
+            main:
+                pattern:      .*
+                form_login:
+                    provider:       fos_userbundle
+                    login_path:     /login
+                    use_forward:    false
+                    check_path:     /login_check
+                    failure_path:   null
+                logout:       true
+                anonymous:    true
+
+The last part is to define 3 new access control rules :
+
+.. code-block:: yaml
+
+    security:
+        access_control:
+            # URL of FOSUserBundle which need to be available to anonymous users
+            - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
+            - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
+            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
+
+            # -> custom access control for the admin area of the URL
+            - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
+            - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
+            - { path: ^/admin/login-check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
+            # -> end
+
+            - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
+            - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
+
+            # Secured part of the site
+            # This config requires being logged for the whole site and having the admin role for the admin part.
+            # Change these rules to adapt them to your needs
+            - { path: ^/admin, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
+            - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }

+ 1 - 0
Resources/views/Admin/Core/user_block.html.twig

@@ -0,0 +1 @@
+{% block user_block %}{% if app.user %}{{ app.user }} - <a href="{{ url('sonata_user_admin_security_logout') }}">logout</a> {% endif %}{% endblock %}
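Review bot: The logout link is built with `url('sonata_user_admin_security_logout')`, which produces an absolute URL derived from the request host, while the login template in this commit uses `path(...)`. Using `path('sonata_user_admin_security_logout')` keeps the link relative and consistent with the form action. The link text `logout` is hard-coded, whereas the login template passes its labels through `trans`.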

+ 37 - 0
Resources/views/Admin/Security/login.html.twig

@@ -0,0 +1,37 @@
+{% extends base_template %}
+
+{% block content %}
+    {% if error %}
+        <div>{{ error }}</div>
+    {% endif %}
+
+    <form action="{{ path("sonata_user_admin_security_check") }}" method="post">
+
+        <div class="clearfix">
+            <label for="username">{{ 'security.login.username'|trans({}, 'FOSUserBundle') }}</label>
+
+            <div class="input">
+                <input type="text" id="username" name="_username" value="{{ last_username }}" class="sonata-medium"/>
+            </div>
+        </div>
+
+        <div class="clearfix">
+            <label for="password">{{ 'security.login.password'|trans({}, 'FOSUserBundle') }}</label>
+
+            <div class="input">
+                <input type="password" id="password" name="_password" class="sonata-medium" />
+            </div>
+        </div>
+
+        <div class="clearfix">
+            <label for="remember_me">
+                <input type="checkbox" id="remember_me" name="_remember_me" value="on" />
+                {{ 'security.login.remember_me'|trans({}, 'FOSUserBundle') }}
+            </label>
+        </div>
+
+        <div class="actions">
+            <input type="submit" class="btn primary" id="_submit" name="_submit" value="{{ 'security.login.submit'|trans({}, 'FOSUserBundle') }}" />
+        </div>
+    </form>
+{% endblock content %}
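Review bot: The login form posts `_username` and `_password` without a CSRF token field, and `loginAction` in this commit passes no token to the template, so the admin login has no login-CSRF protection as written. I would add `<input type="hidden" name="_csrf_token" value="{{ csrf_token }}" />` inside the form and have the controller pass a `csrf_token` variable generated by the `form.csrf_provider` service for the `authenticate` intention. The token is only checked if the `admin` firewall's `form_login` also sets `csrf_provider: form.csrf_provider`, which the installation example does not show. `{{ error }}` and `{{ last_username }}` rely on Twig autoescaping being enabled; a template comment stating that assumption would be useful.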