
Merged in FD3-53 (pull request #13)

FD3-53 ROLES por Grupos
Guillermo Espinoza 7 سال پیش
والد
کامیت
126a8de133

+ 2 - 0
app/config/config.yml

@@ -118,6 +118,8 @@ sonata_admin:
         user_block: BaseOAuthClientBundle:Core:oauth_user_block.html.twig
         list: BaseAdminBundle::standard_list.html.twig
     persist_filters: true
+    security:
+        handler: sonata.admin.security.handler.role
 
 doctrine_migrations:
     dir_name: "%kernel.root_dir%/DoctrineMigrations"

+ 57 - 0
app/config/roles.yml

@@ -0,0 +1,57 @@
+security:
+
+    role_hierarchy:
+
+        # HOST
+        ROLE_SONATA_HOST_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_HOST_LIST, ROLE_SONATA_ADMIN_HOST_VIEW]
+        ROLE_SONATA_HOST_EDITOR: [ROLE_SONATA_HOST_READER, ROLE_SONATA_ADMIN_HOST_CREATE, ROLE_SONATA_ADMIN_HOST_EDIT]
+        ROLE_SONATA_HOST_ADMIN: [ROLE_SONATA_HOST_EDITOR, ROLE_SONATA_ADMIN_HOST_DELETE, ROLE_SONATA_ADMIN_HOST_EXPORT]
+
+        # HOST_TYPE
+        ROLE_SONATA_HOST_TYPE_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_HOST_TYPE_LIST, ROLE_SONATA_ADMIN_HOST_TYPE_VIEW]
+        ROLE_SONATA_HOST_TYPE_EDITOR: [ROLE_SONATA_HOST_TYPE_READER, ROLE_SONATA_ADMIN_HOST_TYPE_CREATE, ROLE_SONATA_ADMIN_HOST_TYPE_EDIT]
+        ROLE_SONATA_HOST_TYPE_ADMIN: [ROLE_SONATA_HOST_TYPE_EDITOR, ROLE_SONATA_ADMIN_HOST_TYPE_DELETE, ROLE_SONATA_ADMIN_HOST_TYPE_EXPORT]
+
+        # NET_GROUP
+        ROLE_SONATA_NET_GROUP_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_NET_GROUP_LIST, ROLE_SONATA_ADMIN_NET_GROUP_VIEW]
+        ROLE_SONATA_NET_GROUP_EDITOR: [ROLE_SONATA_NET_GROUP_READER, ROLE_SONATA_ADMIN_NET_GROUP_CREATE, ROLE_SONATA_ADMIN_NET_GROUP_EDIT]
+        ROLE_SONATA_NET_GROUP_ADMIN: [ROLE_SONATA_NET_GROUP_EDITOR, ROLE_SONATA_ADMIN_NET_GROUP_DELETE, ROLE_SONATA_ADMIN_NET_GROUP_EXPORT]
+
+        # IPV_4_POOL
+        ROLE_SONATA_IPV_4_POOL_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_IPV_4_POOL_LIST, ROLE_SONATA_ADMIN_IPV_4_POOL_VIEW]
+        ROLE_SONATA_IPV_4_POOL_EDITOR: [ROLE_SONATA_IPV_4_POOL_READER, ROLE_SONATA_ADMIN_IPV_4_POOL_CREATE, ROLE_SONATA_ADMIN_IPV_4_POOL_EDIT]
+        ROLE_SONATA_IPV_4_POOL_ADMIN: [ROLE_SONATA_IPV_4_POOL_EDITOR, ROLE_SONATA_ADMIN_IPV_4_POOL_DELETE, ROLE_SONATA_ADMIN_IPV_4_POOL_EXPORT]
+
+        # SUB_NET
+        ROLE_SONATA_SUB_NET_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_SUB_NET_LIST, ROLE_SONATA_ADMIN_SUB_NET_VIEW]
+        ROLE_SONATA_SUB_NET_EDITOR: [ROLE_SONATA_SUB_NET_READER, ROLE_SONATA_ADMIN_SUB_NET_CREATE, ROLE_SONATA_ADMIN_SUB_NET_EDIT]
+        ROLE_SONATA_SUB_NET_ADMIN: [ROLE_SONATA_SUB_NET_EDITOR, ROLE_SONATA_ADMIN_SUB_NET_DELETE, ROLE_SONATA_ADMIN_SUB_NET_EXPORT]
+
+        # DHCP
+        ROLE_SONATA_DHCP_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_DHCP_LIST, ROLE_SONATA_ADMIN_DHCP_VIEW]
+        ROLE_SONATA_DHCP_EDITOR: [ROLE_SONATA_DHCP_READER, ROLE_SONATA_ADMIN_DHCP_CREATE, ROLE_SONATA_ADMIN_DHCP_EDIT]
+        ROLE_SONATA_DHCP_ADMIN: [ROLE_SONATA_DHCP_EDITOR, ROLE_SONATA_ADMIN_DHCP_DELETE, ROLE_SONATA_ADMIN_DHCP_EXPORT]
+
+        # DHCP_MODEL
+        ROLE_SONATA_DHCP_MODEL_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_DHCP_MODEL_LIST, ROLE_SONATA_ADMIN_DHCP_MODEL_VIEW]
+        ROLE_SONATA_DHCP_MODEL_EDITOR: [ROLE_SONATA_DHCP_MODEL_READER, ROLE_SONATA_ADMIN_DHCP_MODEL_CREATE, ROLE_SONATA_ADMIN_DHCP_MODEL_EDIT]
+        ROLE_SONATA_DHCP_MODEL_ADMIN: [ROLE_SONATA_DHCP_MODEL_EDITOR, ROLE_SONATA_ADMIN_DHCP_MODEL_DELETE, ROLE_SONATA_ADMIN_DHCP_MODEL_EXPORT]
+
+        # WORKFLOW
+        ROLE_SONATA_WORKFLOW_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_WORKFLOW_LIST, ROLE_SONATA_ADMIN_WORKFLOW_VIEW]
+        ROLE_SONATA_WORKFLOW_EDITOR: [ROLE_SONATA_WORKFLOW_READER, ROLE_SONATA_ADMIN_WORKFLOW_CREATE, ROLE_SONATA_ADMIN_WORKFLOW_EDIT]
+        ROLE_SONATA_WORKFLOW_ADMIN: [ROLE_SONATA_WORKFLOW_EDITOR, ROLE_SONATA_ADMIN_WORKFLOW_DELETE, ROLE_SONATA_ADMIN_WORKFLOW_EXPORT]
+
+        # ACTION
+        ROLE_SONATA_ACTION_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_ACTION_LIST, ROLE_SONATA_ADMIN_ACTION_VIEW]
+        ROLE_SONATA_ACTION_EDITOR: [ROLE_SONATA_ACTION_READER, ROLE_SONATA_ADMIN_ACTION_CREATE, ROLE_SONATA_ADMIN_ACTION_EDIT]
+        ROLE_SONATA_ACTION_ADMIN: [ROLE_SONATA_ACTION_EDITOR, ROLE_SONATA_ADMIN_ACTION_DELETE, ROLE_SONATA_ADMIN_ACTION_EXPORT]
+
+        # TEMPLATE
+        ROLE_SONATA_TEMPLATE_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_TEMPLATE_LIST, ROLE_SONATA_ADMIN_TEMPLATE_VIEW]
+        ROLE_SONATA_TEMPLATE_EDITOR: [ROLE_SONATA_TEMPLATE_READER, ROLE_SONATA_ADMIN_TEMPLATE_CREATE, ROLE_SONATA_ADMIN_TEMPLATE_EDIT]
+        ROLE_SONATA_TEMPLATE_ADMIN: [ROLE_SONATA_TEMPLATE_EDITOR, ROLE_SONATA_ADMIN_TEMPLATE_DELETE, ROLE_SONATA_ADMIN_TEMPLATE_EXPORT]
+
+        ROLE_ADMIN_TENANCIES: ROLE_ADMIN_TENANCIES
+        ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
+        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_USER_CREATE, ROLE_ADMIN_TENANCIES, ROLE_ALLOWED_TO_SWITCH]
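Review bot: Every `*_READER` role in this file (HOST through TEMPLATE) lists `ROLE_ADMIN` as a child, so the least-privileged reader of a single entity inherits `ROLE_ADMIN`, and with it `ROLE_USER` and `ROLE_SONATA_ADMIN` from the `ROLE_ADMIN` line near the end of the file. Any `access_control` rule or `ROLE_ADMIN` check elsewhere in the application (not visible in this diff) would therefore pass for every reader. If readers only need to reach the admin dashboard, listing `ROLE_SONATA_ADMIN` (or a dedicated base role) in the `*_READER` entries instead would keep `ROLE_ADMIN` meaningful as a privilege boundary. Separately, `ROLE_ADMIN_TENANCIES: ROLE_ADMIN_TENANCIES` maps the role to itself and grants nothing; drop it or list the roles it is meant to include.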

+ 5 - 4
app/config/security.yml

@@ -1,15 +1,16 @@
+imports:
+    - { resource: roles.yml }
+
 security:
 
     providers:
         oauth:
             id: base_oauth_bundle.oauth_user_provider
 
-    role_hierarchy:
-        ROLE_ADMIN: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]
-        ROLE_SUPER_ADMIN: ROLE_ADMIN
-
     firewalls:
         dev:
+            context: ik_share
+            stateless: false
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
 
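Review bot: The new `context: ik_share` and `stateless: false` keys are added under the `dev` firewall, which also sets `security: false`; as far as I know Symfony sets up no listeners or context for a firewall with security disabled, so these two keys probably have no effect there. If the intent is to share the authenticated session across firewalls or applications, they belong on the firewall that actually authenticates users, whose definition is outside this hunk. Wherever they end up, a comment such as `# shares the security token with every firewall using context ik_share` would make the trust relationship explicit, since firewalls with the same context name accept the same session token.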

+ 1 - 1
composer.json

@@ -122,7 +122,7 @@
             "type": "vcs",
             "url": "ssh://git@infra.flowdat.com:222/VendorSoftwareFlowdat3/WorkflowBundle.git",
             "options": {
-                    "local_pk": "./keys/bitbucket.id_rsa"
+                "local_pk": "./keys/bitbucket.id_rsa"
             }
         }
     ],

+ 6 - 6
composer.lock

@@ -1511,7 +1511,7 @@
             "source": {
                 "type": "git",
                 "url": "ssh://git@200.50.168.30:222/VendorSoftwareFlowdat3/ExtraDataBundle.git",
-                "reference": "06741a4abbe823cc750f3b1d746745a1ab934a60"
+                "reference": "47473cde04aa24d659598a1661a89015376cfe16"
             },
             "type": "library",
             "autoload": {
@@ -1526,7 +1526,7 @@
                 "bundle",
                 "extra-data"
             ],
-            "time": "2018-03-15T12:49:20+00:00"
+            "time": "2018-04-03T12:13:19+00:00"
         },
         {
             "name": "ik/migrations-bundle",
@@ -1607,7 +1607,7 @@
             "source": {
                 "type": "git",
                 "url": "ssh://git@200.50.168.30:222/VendorSoftwareFlowdat3/TemplateBundle.git",
-                "reference": "54859222f517480ba9e218092170fcd049472a4d"
+                "reference": "69e6761d6f3d3e9f85f5a43b72324f3d56dce4de"
             },
             "require": {
                 "ik/base-admin-bundle": "*"
@@ -1625,7 +1625,7 @@
                 "bundle",
                 "template"
             ],
-            "time": "2018-03-14T12:13:59+00:00"
+            "time": "2018-04-04T17:49:43+00:00"
         },
         {
             "name": "ik/webservice-bundle",
@@ -1654,7 +1654,7 @@
             "source": {
                 "type": "git",
                 "url": "ssh://git@200.50.168.30:222/VendorSoftwareFlowdat3/WorkflowBundle.git",
-                "reference": "9c70562562d4513c38873c958d588f5bedf5fda0"
+                "reference": "02e9a07ebe7c40417f4e78c451e26a893abc9164"
             },
             "require": {
                 "php-amqplib/rabbitmq-bundle": "^1.12"
@@ -1684,7 +1684,7 @@
                 "bundle",
                 "workflow"
             ],
-            "time": "2018-02-19T13:50:00+00:00"
+            "time": "2018-04-05T14:41:00+00:00"
         },
         {
             "name": "incenteev/composer-parameter-handler",

+ 2 - 2
src/DHCPBundle/Resources/config/services.yml

@@ -1,5 +1,5 @@
 services:
-    dhcp.admin.dhcp:
+    sonata.admin.dhcp:
         class: DHCPBundle\Admin\DHCPAdmin
         arguments: [~, DHCPBundle\Entity\DHCP, BaseAdminBundle:CRUD]
         tags:
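Review bot: With the `sonata.admin.security.handler.role` handler enabled in this commit, these service ids also determine permissions: as far as I know the handler builds each role name from the upper-cased admin code, so `sonata.admin.dhcp` has to line up with `ROLE_SONATA_ADMIN_DHCP_*` in app/config/roles.yml. That coupling is not recorded anywhere, and a later rename would silently leave the hierarchy granting roles that nothing checks; a comment above each definition, e.g. `# id determines the ROLE_SONATA_ADMIN_DHCP_* role names used in app/config/roles.yml`, would document it. The same applies to `sonata.admin.dhcp_model` in the next hunk and to the five renamed ids in src/IPv4Bundle/Resources/config/services.yml, where `sonata.admin.ipv_4.pool` is the only id with an extra dot segment. Any remaining references to the old ids (`dhcp.admin.dhcp`, `i_pv4.admin.*`) outside this diff should be checked as well.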
@@ -8,7 +8,7 @@ services:
             - [setTranslationDomain, [DHCPBundle]]
         public: true
 
-    dhcp.admin.dhcp_model:
+    sonata.admin.dhcp_model:
         class: DHCPBundle\Admin\DHCPModelAdmin
         arguments: [~, DHCPBundle\Entity\DHCPModel, BaseAdminBundle:CRUD]
         tags:

+ 5 - 6
src/IPv4Bundle/Resources/config/services.yml

@@ -1,6 +1,6 @@
 services:
 
-    i_pv4.admin.host:
+    sonata.admin.host:
         class: IPv4Bundle\Admin\HostAdmin
         arguments: [~, IPv4Bundle\Entity\Host, BaseAdminBundle:CRUD]
         tags:
@@ -9,7 +9,7 @@ services:
             - [setTranslationDomain, [IPv4Bundle]]
         public: true
 
-    i_pv4.admin.host_type:
+    sonata.admin.host_type:
         class: IPv4Bundle\Admin\HostTypeAdmin
         arguments: [~, IPv4Bundle\Entity\HostType, BaseAdminBundle:CRUD]
         tags:
@@ -18,7 +18,7 @@ services:
             - [setTranslationDomain, [IPv4Bundle]]
         public: true
 
-    i_pv4.admin.net_group:
+    sonata.admin.net_group:
         class: IPv4Bundle\Admin\NetGroupAdmin
         arguments: [~, IPv4Bundle\Entity\NetGroup, BaseAdminBundle:CRUD]
         tags:
@@ -27,7 +27,7 @@ services:
             - [setTranslationDomain, [IPv4Bundle]]
         public: true
 
-    i_pv4.admin.pool:
+    sonata.admin.ipv_4.pool:
         class: IPv4Bundle\Admin\PoolAdmin
         arguments: [~, IPv4Bundle\Entity\Pool, BaseAdminBundle:CRUD]
         tags:
@@ -36,7 +36,7 @@ services:
             - [setTranslationDomain, [IPv4Bundle]]
         public: true
 
-    i_pv4.admin.sub_net:
+    sonata.admin.sub_net:
         class: IPv4Bundle\Admin\SubNetAdmin
         arguments: [~, IPv4Bundle\Entity\SubNet, BaseAdminBundle:CRUD]
         tags:
@@ -50,4 +50,3 @@ services:
        tags:
            - { name: kernel.event_listener, event: sonata.admin.event.configure.form, method: configureFormFields }
            - { name: kernel.event_listener, event: sonata.admin.event.configure.show, method: configureShowFields }
-