Tags: php, symfony, sonata-admin

How to fix "Access Denied to the action list and role LIST" message?


I am using the Sonata Admin Bundle to manage some entities. One of my entities is called Equivalent. It has two simple fields.

I ran sonata:admin:generate to create an admin class for this new entity. The I/O is as follows:

The fully qualified model class: AppBundle\Entity\Equivalent
The bundle name [AppBundle]:
The admin class basename [EquivalentAdmin]:
Do you want to generate a controller [no]? yes
The controller class basename [EquivalentAdminController]:
Do you want to update the services YAML configuration file [yes]?
The services YAML configuration file [admin.yml]:
The admin service ID [app.admin.equivalent]:

The admin class "AppBundle\Admin\EquivalentAdmin" has been generated under the file "/usr/src/app/src/AppBundle/Admin/EquivalentAdmin.php".

The controller class "AppBundle\Controller\EquivalentAdminController" has been generated under the file "/usr/src/app/src/AppBundle/Controller/EquivalentAdminController.php".

The service "app.admin.equivalent" has been appended to the file "/usr/src/app/src/AppBundle/Resources/config/admin.yml".

... and the problem is that now when I go to /admin/app/equivalent/list -- even as a superuser -- I get this error:

Access Denied to the action list and role LIST

So my question is: How can I avoid this error and allow my superuser to access a listing?

(Consider it to be a karmic bonus if you also include ways to allow other actions.)


Solution

  • Whoops! A look at the database confirmed that my super user was actually not a super user. The user's "roles" field was mighty sparse, actually.

    Taking a look at security.yml (and the users table in the database) and then fixing that lack of roles by using fos:user:promote "fixed" the problem temporarily.

    ======

    Edit #1:

    But trying those same steps a few days later did not solve the problem, so the question is still open.

    ======

    Edit #2:

    After some help from a coworker and a skim through https://symfony.com/doc/master/bundles/SonataAdminBundle/reference/security.html, it became clear that the application is using some "magic" naming conventions to allow new ROLE_ definitions in the security.yml file.

    So because I had app.admin.equivalent defined as a service in my admin.yml file, I added ROLE_APP_ADMIN_EQUIVALENT_LIST in the relevant place in my security.yml file, and the list view started to work just fine for my user.
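The naming convention from Edit #2, as an added example that is not part of the original answer and is not SonataAdminBundle code: a simplified model that derives the role name from the admin service ID and checks it against a user's roles after expanding a role hierarchy. The group roles `ROLE_EQUIVALENT_READER` and `ROLE_EQUIVALENT_EDITOR`, the hierarchy, and the users are constructed; the action names other than LIST (VIEW, CREATE, EDIT, DELETE) are taken from the Sonata security documentation linked above.

```php
<?php
// Added example (not SonataAdminBundle code): simplified model of the role check.

// Role name for an admin service ID and action, per the naming convention above:
// app.admin.equivalent + LIST -> ROLE_APP_ADMIN_EQUIVALENT_LIST
function sonataRole(string $adminServiceId, string $action): string
{
    return 'ROLE_' . strtoupper(str_replace('.', '_', $adminServiceId)) . '_' . strtoupper($action);
}

// Expand the roles stored on a user through a role_hierarchy map, transitively.
function reachableRoles(array $userRoles, array $hierarchy): array
{
    $seen = [];
    $queue = $userRoles;
    while ($queue) {
        $role = array_pop($queue);
        if (isset($seen[$role])) {
            continue; // already expanded; also stops on cycles in the hierarchy
        }
        $seen[$role] = true;
        foreach ($hierarchy[$role] ?? [] as $child) {
            $queue[] = $child;
        }
    }
    return array_keys($seen);
}

$admin = 'app.admin.equivalent';

// Constructed hierarchy shaped like a security.yml role_hierarchy section.
// ROLE_EQUIVALENT_READER and ROLE_EQUIVALENT_EDITOR are hypothetical group roles.
$hierarchy = [
    'ROLE_EQUIVALENT_READER' => [sonataRole($admin, 'LIST'), sonataRole($admin, 'VIEW')],
    'ROLE_EQUIVALENT_EDITOR' => ['ROLE_EQUIVALENT_READER', sonataRole($admin, 'CREATE'), sonataRole($admin, 'EDIT')],
];

// Constructed users: the roles as they would be stored in the users table.
$users = [
    'sparse' => ['ROLE_USER'],
    'reader' => ['ROLE_USER', 'ROLE_EQUIVALENT_READER'],
    'editor' => ['ROLE_USER', 'ROLE_EQUIVALENT_EDITOR'],
];

// Report, per user and action, which role is required and whether it is reachable.
foreach ($users as $name => $roles) {
    $granted = reachableRoles($roles, $hierarchy);
    foreach (['LIST', 'EDIT', 'DELETE'] as $action) {
        $needed = sonataRole($admin, $action);
        printf("%-7s %-7s %s\n", $name, in_array($needed, $granted, true) ? 'granted' : 'denied', $needed);
    }
}
```

Granting per-action roles through small group roles like this keeps each user at the minimum set of admin actions, and DELETE stays denied for everyone here because no group includes it.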