Customizing admin users roles?


#1

Hi,
is it possible to have multiple roles for the /admin back-office (ie: to have users that can manage customers without managing products and user who can edit products / taxonomies without managing customers / shop users).
So far , all I have seen is a single role ROLE_ADMINISTRATION_ACCESS, and I can’t change the roles of a given admin user in the back-office.

Thanks in advance for your help.
Kind regards,

David


#2

Not yet, but we are working on an enterprise ACL plugin. It will be available on our Sylius plugin marketplace website. The idea is for it to be affordable, flexible and easy to install as each of our https://github.com/BitBagCommerce plugins. If you need it ASAP, ping me on mikolaj.krol@bitbag.pl email :slightly_smiling_face:


#3

At this moment you can do it manually, with adding this to Sylius\Bundle\CoreBundle\Form\Type\User\AdminUserType formtype extension:

$builder
        ->add('roles', ChoiceType::class, [
            'choices' => [
                "Admin" => AdminUserInterface::DEFAULT_ADMIN_ROLE,
                "Accountant" => "ROLE_ACCOUNTANT",
                "Worker" => "ROLE_WORKER"
            ],
            'multiple' => true
        ])
    ;

and adding similar to app/config/security.yml:

- { path: "%sylius.security.admin_regex%/orders/[0-9]+", role: [ROLE_ACCOUNTANT, ROLE_WORKER, ROLE_ADMINISTRATION_ACCESS] }

(change orders to needed route url)


#4

Thanks, it’s perfect.
@bitbager : thanks for the offer, but for my use case I don’t need full ACL plugin, a granularity per role is perfect.

Best regards,
David


#5

If, however, you still want more something advanced, we just released our plugin store. Here’s the ACL plugin - https://bitbag.shop/products/sylius-access-control-layer :rocket:


#6

I’m not sure it’s possible, but it’s great for some type of administrator UI to remove the roll and remove permissions.I also try to customize Aol Shield