SonataAdminBundle: Allow user without LIST access to use autocomplete on filters

Created on 9 Sep 2016 · 6 Comments · Source: sonata-project/SonataAdminBundle

Subject

Allow user without LIST access to use autocomplete on filters

Environment

Sonata packages

$ composer show sonata-project/*
sonata-project/admin-bundle              3.7.0  The missing Symfony Admin Generator
sonata-project/block-bundle              3.1.1  Symfony SonataBlockBundle
sonata-project/cache                     1.0.7  Cache library
sonata-project/core-bundle               3.1.1  Symfony SonataCoreBundle
sonata-project/datagrid-bundle           2.2    Symfony SonataDatagridBundle
sonata-project/doctrine-extensions       1.0.2  Doctrine2 behavioral extensions
sonata-project/doctrine-orm-admin-bundle 3.1.0  Symfony Sonata / Integrate Doctrine ORM into the SonataAdminBundle
sonata-project/easy-extends-bundle       2.1.10 Symfony SonataEasyExtendsBundle
sonata-project/exporter                  1.7.0  Lightweight Exporter library
sonata-project/formatter-bundle          3.0.1  Symfony SonataFormatterBundle
sonata-project/google-authenticator      1.0.2  Library to integrate Google Authenticator into a PHP project
sonata-project/user-bundle               3.0.1  Symfony SonataUserBundle

Symfony packages

$ composer show symfony/*
symfony/assetic-bundle     v2.8.0  Integrates Assetic into Symfony2
symfony/monolog-bundle     2.11.1  Symfony MonologBundle
symfony/phpunit-bridge     v2.8.11 Symfony PHPUnit Bridge
symfony/polyfill-apcu      v1.2.0  Symfony polyfill backporting apcu_* functions to lower PHP versions
symfony/polyfill-intl-icu  v1.2.0  Symfony polyfill for intl's ICU-related data and classes
symfony/polyfill-mbstring  v1.2.0  Symfony polyfill for the Mbstring extension
symfony/polyfill-php54     v1.2.0  Symfony polyfill backporting some PHP 5.4+ features to lower PHP versions
symfony/polyfill-php55     v1.2.0  Symfony polyfill backporting some PHP 5.5+ features to lower PHP versions
symfony/polyfill-php56     v1.2.0  Symfony polyfill backporting some PHP 5.6+ features to lower PHP versions
symfony/polyfill-php70     v1.2.0  Symfony polyfill backporting some PHP 7.0+ features to lower PHP versions
symfony/polyfill-util      v1.2.0  Symfony utilities for portability of PHP codes
symfony/security-acl       v3.0.0  Symfony Security Component - ACL (Access Control List)
symfony/swiftmailer-bundle v2.3.11 Symfony SwiftmailerBundle
symfony/symfony            v2.8.11 The Symfony PHP framework

PHP version

$php -v
PHP 5.6.16 (cli) (built: Nov 28 2015 09:40:11) 
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
    with Xdebug v2.3.3, Copyright (c) 2002-2015, by Derick Rethans

Steps to reproduce

If a user doesn't have LIST rights on the other entity, the 'doctrine_orm_model_autocomplete' filter can't be used.

Expected results

List of items for filter

Actual results

Access denied

Example:

Entity: User, Company, Order
Orders can be filtered by company, but user can't list Companies in admin.

Problem

Here is the check for the target admin list, which applies to the filter and other cases:
https://github.com/sonata-project/SonataAdminBundle/blob/3.x/Controller/HelperController.php#L374

Solution

The simplest solution would be to move the check to create/edit only,
but this would break the test https://github.com/sonata-project/SonataAdminBundle/blob/3.x/Tests/Controller/HelperControllerTest.php#L519
I would provide a PR, but I'm not sure the solution is correct if this behaviour was intended.

Another solution would be a new permission for the filter, but I'm not sure if this makes much sense.

bug

All 6 comments

Can you please use the issue template, @zajca?

Could you also provide a PR with a fix?

@core23
I updated the template and added a possible solution to discuss, but I'm not sure what would be the best way to do it.

The Environment part is still missing.

@core23 updated

I can confirm the problem and I will prepare the fix.

@zajca this problem was fixed in SonataAdminBundle version 3.17.0. Thank you for reporting the problem.
