FD3-53 ROLES para radius

app/config/config.yml

@@ -112,3 +112,5 @@ sonata_admin:
         layout: BaseAdminBundle::standard_layout.html.twig
         user_block: BaseOAuthClientBundle:Core:oauth_user_block.html.twig
     persist_filters: true
+    security:
+        handler: sonata.admin.security.handler.role

app/config/security.yml

@@ -2,17 +2,49 @@ security:
     providers:
         oauth:
             id: base_oauth_bundle.oauth_user_provider
-    
+
     role_hierarchy:
-        ROLE_ADMIN: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]
-        ROLE_SUPER_ADMIN: ROLE_ADMIN
-            
-    firewalls:       
-                                
+
+        # RADIUS_PROFILE
+        ROLE_SONATA_RADIUS_PROFILE_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_RADIUS_PROFILE_LIST, ROLE_SONATA_ADMIN_RADIUS_PROFILE_VIEW]
+        ROLE_SONATA_RADIUS_PROFILE_EDITOR: [ROLE_SONATA_RADIUS_PROFILE_READER, ROLE_SONATA_ADMIN_RADIUS_PROFILE_CREATE, ROLE_SONATA_ADMIN_RADIUS_PROFILE_EDIT]
+        ROLE_SONATA_RADIUS_PROFILE_ADMIN: [ROLE_SONATA_RADIUS_PROFILE_EDITOR, ROLE_SONATA_ADMIN_RADIUS_PROFILE_DELETE, ROLE_SONATA_ADMIN_RADIUS_PROFILE_EXPORT]
+
+        # ACCESS
+        ROLE_SONATA_ACCESS_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_ACCESS_LIST, ROLE_SONATA_ADMIN_ACCESS_VIEW]
+        ROLE_SONATA_ACCESS_EDITOR: [ROLE_SONATA_ACCESS_READER, ROLE_SONATA_ADMIN_ACCESS_CREATE, ROLE_SONATA_ADMIN_ACCESS_EDIT]
+        ROLE_SONATA_ACCESS_ADMIN: [ROLE_SONATA_ACCESS_EDITOR, ROLE_SONATA_ADMIN_ACCESS_DELETE, ROLE_SONATA_ADMIN_ACCESS_EXPORT]
+
+        # NAS_MODEL
+        ROLE_SONATA_NAS_MODEL_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_NAS_MODEL_LIST, ROLE_SONATA_ADMIN_NAS_MODEL_VIEW]
+        ROLE_SONATA_NAS_MODEL_EDITOR: [ROLE_SONATA_NAS_MODEL_READER, ROLE_SONATA_ADMIN_NAS_MODEL_CREATE, ROLE_SONATA_ADMIN_NAS_MODEL_EDIT]
+        ROLE_SONATA_NAS_MODEL_ADMIN: [ROLE_SONATA_NAS_MODEL_EDITOR, ROLE_SONATA_ADMIN_NAS_MODEL_DELETE, ROLE_SONATA_ADMIN_NAS_MODEL_EXPORT]
+
+        # NAS
+        ROLE_SONATA_NAS_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_NAS_LIST, ROLE_SONATA_ADMIN_NAS_VIEW]
+        ROLE_SONATA_NAS_EDITOR: [ROLE_SONATA_NAS_READER, ROLE_SONATA_ADMIN_NAS_CREATE, ROLE_SONATA_ADMIN_NAS_EDIT]
+        ROLE_SONATA_NAS_ADMIN: [ROLE_SONATA_NAS_EDITOR, ROLE_SONATA_ADMIN_NAS_DELETE, ROLE_SONATA_ADMIN_NAS_EXPORT]
+
+        # WORKFLOW
+        ROLE_SONATA_WORKFLOW_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_WORKFLOW_LIST, ROLE_SONATA_ADMIN_WORKFLOW_VIEW]
+        ROLE_SONATA_WORKFLOW_EDITOR: [ROLE_SONATA_WORKFLOW_READER, ROLE_SONATA_ADMIN_WORKFLOW_CREATE, ROLE_SONATA_ADMIN_WORKFLOW_EDIT]
+        ROLE_SONATA_WORKFLOW_ADMIN: [ROLE_SONATA_WORKFLOW_EDITOR, ROLE_SONATA_ADMIN_WORKFLOW_DELETE, ROLE_SONATA_ADMIN_WORKFLOW_EXPORT]
+
+        # ACTION
+        ROLE_SONATA_ACTION_READER: [ROLE_ADMIN, ROLE_SONATA_ADMIN_ACTION_LIST, ROLE_SONATA_ADMIN_ACTION_VIEW]
+        ROLE_SONATA_ACTION_EDITOR: [ROLE_SONATA_ACTION_READER, ROLE_SONATA_ADMIN_ACTION_CREATE, ROLE_SONATA_ADMIN_ACTION_EDIT]
+        ROLE_SONATA_ACTION_ADMIN: [ROLE_SONATA_ACTION_EDITOR, ROLE_SONATA_ADMIN_ACTION_DELETE, ROLE_SONATA_ADMIN_ACTION_EXPORT]
+
+        ROLE_ADMIN_TENANCIES: ROLE_ADMIN_TENANCIES
+        ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
+        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_USER_CREATE, ROLE_ADMIN_TENANCIES, ROLE_ALLOWED_TO_SWITCH]
+
+    firewalls:
+
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
-            
+
         api:
           pattern: ^/api
           stateless: true
@@ -34,7 +66,7 @@ security:
                     login: /login_check
                 oauth_user_provider:
                     service: base_oauth_bundle.oauth_user_provider
-          
+
     access_control:
         - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/admin/, role: ROLE_ADMIN }

composer.json

@@ -131,19 +131,19 @@
         "doctrine/orm": "^2.5",
         "dwoo/dwoo": "dev-master",
         "hwi/oauth-bundle": "^0.5.3",
-        "ik/audit-bundle": "v0.2.1",
-        "ik/auth-bundle": "v0.2.1",
-        "ik/base-admin-bundle": "v0.2.1",
-        "ik/device-bundle": "v0.2.1",
-        "ik/extra-data-bundle": "v0.2.1",
-        "ik/leaflet-bundle": "v0.2.1",
-        "ik/map-bundle": "v0.2.1",
-        "ik/migrations-bundle": "v0.2.1",
-        "ik/oauthclient-bundle": "v0.2.1",
-        "ik/owner-voter-bundle": "v0.2.1",
-        "ik/template-bundle": "v0.2.1",
-        "ik/webservice-bundle": "v0.2.1",
-        "ik/workflow-bundle": "v0.2.1",
+        "ik/audit-bundle": "dev-master",
+        "ik/auth-bundle": "dev-master",
+        "ik/base-admin-bundle": "dev-master",
+        "ik/device-bundle": "dev-master",
+        "ik/extra-data-bundle": "dev-master",
+        "ik/leaflet-bundle": "dev-master",
+        "ik/map-bundle": "dev-master",
+        "ik/migrations-bundle": "dev-master",
+        "ik/oauthclient-bundle": "dev-master",
+        "ik/owner-voter-bundle": "dev-master",
+        "ik/template-bundle": "dev-master",
+        "ik/webservice-bundle": "dev-master",
+        "ik/workflow-bundle": "dev-master",
         "incenteev/composer-parameter-handler": "^2.0",
         "jdorn/sql-formatter": "^1.2.17",
         "jms/serializer": "^1.9.0",
@@ -236,4 +236,4 @@
             }
         ]
     }
-}
+}

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "content-hash": "d500a062fef560da6a02130ba4e4c629",
+    "content-hash": "607eee52f1621d766309e70f50a7bc47",
     "packages": [
         {
             "name": "behat/transliterator",
@@ -1414,7 +1414,7 @@
         },
         {
             "name": "ik/audit-bundle",
-            "version": "v0.2.1",
+            "version": "dev-master",
             "source": {
                 "type": "git",
                 "url": "ssh://git@200.50.168.30:222/VendorSoftwareFlowdat3/AuditBundle.git",
@@ -1438,7 +1438,7 @@
         },
         {
             "name": "ik/auth-bundle",
-            "version": "v0.2.1",
+            "version": "dev-master",
             "source": {
                 "type": "git",
                 "url": "ssh://git@200.50.168.30:222/VendorSoftwareFlowdat3/AuthBundle.git",
@@ -1461,7 +1461,7 @@
         },
         {
             "name": "ik/base-admin-bundle",
-            "version": "v0.2.1",
+            "version": "dev-master",
             "source": {
                 "type": "git",
                 "url": "ssh://git@200.50.168.30:222/VendorSoftwareFlowdat3/BaseAdmin.git",
@@ -1484,7 +1484,7 @@
         },
         {
             "name": "ik/device-bundle",
-            "version": "v0.2.1",
+            "version": "dev-master",
             "source": {
                 "type": "git",
                 "url": "ssh://git@gogs.infra.flowdat.com:222/VendorSoftwareFlowdat3/DeviceBundle.git",
@@ -1507,11 +1507,11 @@
         },
         {
             "name": "ik/extra-data-bundle",
-            "version": "v0.2.1",
+            "version": "dev-master",
             "source": {
                 "type": "git",
                 "url": "ssh://git@200.50.168.30:222/VendorSoftwareFlowdat3/ExtraDataBundle.git",
-                "reference": "06741a4abbe823cc750f3b1d746745a1ab934a60"
+                "reference": "47473cde04aa24d659598a1661a89015376cfe16"
             },
             "type": "library",
             "autoload": {
@@ -1526,11 +1526,11 @@
                 "bundle",
                 "extra-data"
             ],
-            "time": "2018-03-15T12:49:20+00:00"
+            "time": "2018-04-03T12:13:19+00:00"
         },
         {
             "name": "ik/leaflet-bundle",
-            "version": "v0.2.1",
+            "version": "dev-master",
             "source": {
                 "type": "git",
                 "url": "ssh://git@gogs.infra.flowdat.com:222/VendorSoftwareFlowdat3/LeafletBundle.git",
@@ -1551,7 +1551,7 @@
         },
         {
             "name": "ik/map-bundle",
-            "version": "v0.2.1",
+            "version": "dev-master",
             "source": {
                 "type": "git",
                 "url": "ssh://git@gogs.infra.flowdat.com:222/VendorSoftwareFlowdat3/MapBundle.git",
@@ -1574,7 +1574,7 @@
         },
         {
             "name": "ik/migrations-bundle",
-            "version": "v0.2.1",
+            "version": "dev-master",
             "source": {
                 "type": "git",
                 "url": "ssh://git@bitbucket.org/ikflowdat/migrations.git",
@@ -1597,7 +1597,7 @@
         },
         {
             "name": "ik/oauthclient-bundle",
-            "version": "v0.2.1",
+            "version": "dev-master",
             "source": {
                 "type": "git",
                 "url": "ssh://git@200.50.168.30:222/VendorSoftwareFlowdat3/BaseOAuthClientBundle.git",
@@ -1624,7 +1624,7 @@
         },
         {
             "name": "ik/owner-voter-bundle",
-            "version": "v0.2.1",
+            "version": "dev-master",
             "source": {
                 "type": "git",
                 "url": "ssh://git@200.50.168.30:222/VendorSoftwareFlowdat3/OwnerVoter.git",
@@ -1647,7 +1647,7 @@
         },
         {
             "name": "ik/template-bundle",
-            "version": "v0.2.1",
+            "version": "dev-master",
             "source": {
                 "type": "git",
                 "url": "ssh://git@200.50.168.30:222/VendorSoftwareFlowdat3/TemplateBundle.git",
@@ -1673,7 +1673,7 @@
         },
         {
             "name": "ik/webservice-bundle",
-            "version": "v0.2.1",
+            "version": "dev-master",
             "source": {
                 "type": "git",
                 "url": "ssh://git@200.50.168.30:222/VendorSoftwareFlowdat3/Webservice.git",
@@ -1694,11 +1694,11 @@
         },
         {
             "name": "ik/workflow-bundle",
-            "version": "v0.2.1",
+            "version": "dev-master",
             "source": {
                 "type": "git",
                 "url": "ssh://git@200.50.168.30:222/VendorSoftwareFlowdat3/WorkflowBundle.git",
-                "reference": "d868429d372fbf3e3498816187efb1e864f9bbf9"
+                "reference": "a30d064ede0bb044ee8ec57d6c0d3812f051699f"
             },
             "require": {
                 "php-amqplib/rabbitmq-bundle": "^1.12"
@@ -1728,7 +1728,7 @@
                 "bundle",
                 "workflow"
             ],
-            "time": "2018-03-22T13:09:04+00:00"
+            "time": "2018-04-04T13:14:19+00:00"
         },
         {
             "name": "incenteev/composer-parameter-handler",
@@ -6318,6 +6318,19 @@
     "minimum-stability": "stable",
     "stability-flags": {
         "dwoo/dwoo": 20,
+        "ik/audit-bundle": 20,
+        "ik/auth-bundle": 20,
+        "ik/base-admin-bundle": 20,
+        "ik/device-bundle": 20,
+        "ik/extra-data-bundle": 20,
+        "ik/leaflet-bundle": 20,
+        "ik/map-bundle": 20,
+        "ik/migrations-bundle": 20,
+        "ik/oauthclient-bundle": 20,
+        "ik/owner-voter-bundle": 20,
+        "ik/template-bundle": 20,
+        "ik/webservice-bundle": 20,
+        "ik/workflow-bundle": 20,
         "sonata-project/admin-bundle": 20,
         "voryx/restgeneratorbundle": 20
     },

src/RadiusBundle/Resources/config/services.yml

@@ -1,13 +1,13 @@
 services:
-    radius.admin.profile:
+    sonata.admin.radius_profile:
         class: RadiusBundle\Admin\ProfileAdmin
         arguments: [~, RadiusBundle\Entity\Profile, BaseAdminBundle:CRUD]
         tags:
             - { name: sonata.admin, manager_type: orm, group: Radius, label: Profile, label_catalogue: RadiusBundle, label_translator_strategy: sonata.admin.label.strategy.underscore }
-        calls:    
+        calls:
             - [setTranslationDomain, [RadiusBundle]]
 
-    radius.admin.access:
+    sonata.admin.access:
         class: RadiusBundle\Admin\AccessAdmin
         arguments: [~, RadiusBundle\Entity\Access, BaseAdminBundle:CRUD]
         tags:
@@ -15,7 +15,7 @@ services:
         calls:
             - [setTranslationDomain, [RadiusBundle]]
 
-    radius.admin.nas.model:
+    sonata.admin.nas_model:
         class: RadiusBundle\Admin\NASModelAdmin
         arguments: [~, RadiusBundle\Entity\NASModel, BaseAdminBundle:CRUD]
         tags:
@@ -23,7 +23,7 @@ services:
         calls:
             - [setTranslationDomain, [RadiusBundle]]
 
-    radius.admin.nas:
+    sonata.admin.nas:
         class: RadiusBundle\Admin\NASAdmin
         arguments: [~, RadiusBundle\Entity\NAS, BaseAdminBundle:CRUD]
         tags: