Let me complement Simon's answer.
2016-07-18 7:16 GMT-03:00 Mike Kidson <[email protected]>: > Any user can create an order. An order where he indicate what he wants, > how many, from which vendor. and then assign it to a specific supervisor > with other roles that should approve the order, or disapprove it, or sent > it to someone else for a second opinion. > > On the same time while the all this happens, a log should be kept. When an > order is created a log for that order should indicate who created it and > when. If the order is modified (edited) the log should be updated > according. When another user approve or disapprove the order, same story, > it should be logged. > > > Now, how do I add a form to the bottom of a 'show' template for > supervisors to select another user, and to approve or disapprove it? > It's a little complicated. But not impossible. Just a bunch of read. There some possibilities here, I'll point some directions and you choose the way it works better for you. - You can use ACL[1][2][3]. In my experiences I prefer don't use it, I don't know how it is now in sonata project. It's a complex system with some database tables that adds a lot query load. But it's important to understand what is, the concept. - You can use custom voters[4][5] - You can create your own bitwise logic[6] and use queries with BIT_AND and BIT_OR - In parallel of all I said you should understand Admin Extensions[7] will be good to centralize some codes. - In the CRUD you can filter what will be listed using createQuery method [8], check view, edit, delete permissions under a custom voter or admin extension (there is a new method called checkAccess, take a look at SonataAdminBundle:CRUD controller) In a current project I'm using a very complex security level and I choose use bitwise operations to speed up and simplify code. I strongly recommend reading every single line of the manual again and > again and experiment to get the most out of it; That's a good point, besides that you should read each line of Sonata CRUD controller and AbstractAdmin class. [1] https://en.wikipedia.org/wiki/Access_control_list [2] http://symfony.com/doc/current/cookbook/security/acl.html [3] https://sonata-project.org/bundles/admin/master/doc/reference/security.html [4] http://symfony.com/doc/current/cookbook/security/voters.html [5] http://symfony.com/doc/master/bundles/SonataAdminBundle/reference/security.html#create-a-custom-voter-or-a-custom-permission-map [6] http://www.xaprb.com/blog/2006/08/16/how-to-build-role-based-access-control-in-sql/ [7] https://sonata-project.org/bundles/admin/master/doc/reference/extensions.html [8] https://sonata-project.org/bundles/admin/master/doc/reference/action_list.html#customizing-the-query-used-to-generate-the-list Att., Cassiano Tartari -- You received this message because you are subscribed to the Google Groups "sonata-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/sonata-users. For more options, visit https://groups.google.com/d/optout.
