2. Installation

2.1. Prerequisites

If you’re planning on using this bundle with SonataAdminBundle, you may want to install and configure that bundle first.

and the persistence bundle (choose one):

Follow also their configuration step; you will find everything you need in their own installation chapter.

Note

If a dependency is already installed somewhere in your project or in another dependency, you won’t need to install it again.

2.2. Enable the Bundle

Add SonataUserBundle via composer:

composer require sonata-project/user-bundle

Next, be sure to enable the bundles in your config/bundles.php file if they are not already enabled:

// config/bundles.php

return [
    // ...
    Sonata\UserBundle\SonataUserBundle::class => ['all' => true],
];

3. Configuration

3.1. SonataUserBundle Configuration

1
2
3
4
5
6
7
8
9
# config/packages/sonata_user.yaml

sonata_user:
    class:
        user: App\Entity\SonataUserUser
    resetting:
        email:
            address: [email protected]
            sender_name: Sonata Admin

3.2. Doctrine ORM Configuration

And these in the config mapping definition (or enable auto_mapping):

# config/packages/doctrine.yaml

doctrine:
    orm:
        entity_managers:
            default:
                mappings:
                    SonataUserBundle: ~

And then create the corresponding entity, src/Entity/SonataUserUser:

// src/Entity/SonataUserUser.php

use Doctrine\ORM\Mapping as ORM;
use Sonata\UserBundle\Entity\BaseUser;

/**
 * @ORM\Entity
 * @ORM\Table(name="sonata_user__user")
 */
class SonataUserUser extends BaseUser
{
    /**
     * @ORM\Id
     * @ORM\GeneratedValue
     * @ORM\Column(type="integer")
     */
    protected $id;
}

The only thing left is to update your schema:

bin/console doctrine:schema:update --force

3.3. Doctrine MongoDB Configuration

You have to create the corresponding document, src/Document/SonataUserUser:

// src/Document/SonataUserUser.php

use Doctrine\ODM\MongoDB\Mapping\Annotations as MongoDB;
use Sonata\UserBundle\Document\BaseUser;

/**
 * @MongoDB\Document
 */
class SonataUserUser extends BaseUser
{
    /**
     * @MongoDB\Id
     */
    protected $id;
}

Then configure SonataUserBundle to use the newly generated classes:

# config/packages/sonata_user.yaml

sonata_user:
    manager_type: mongodb
    class:
        user: App\Document\SonataUserUser

3.4. Integrating the bundle into the Sonata Admin Bundle

Note

If you’re using this bundle without the optional Sonata Admin Bundle, please, ignore this section.

Add the related security routing information:

1
2
3
4
5
6
7
8
9
# config/routes.yaml

sonata_user_admin_security:
    resource: '@SonataUserBundle/Resources/config/routing/admin_security.xml'
    prefix: /admin

sonata_user_admin_resetting:
    resource: '@SonataUserBundle/Resources/config/routing/admin_resetting.xml'
    prefix: /admin

Then, add a new custom firewall handlers for the admin:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
# config/packages/security.yaml

security:
    enable_authenticator_manager: true
    firewalls:
        admin:
            lazy: true
            pattern: /admin(.*)
            provider: sonata_user_bundle
            context: user
            form_login:
                login_path: sonata_user_admin_security_login
                check_path: sonata_user_admin_security_check
                default_target_path: sonata_admin_dashboard
            logout:
                path: sonata_user_admin_security_logout
                target: sonata_user_admin_security_login
            remember_me:
                secret: '%env(APP_SECRET)%'
                lifetime: 2629746
                path: /admin

Note

If you run under the old authentication system (Symfony 4.4 or Symfony 5.4 with enable_authenticator_manager set to false) you should add anonymous set to true inside the admin firewall.

Add role hierarchy, hasher and provider:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
# config/packages/security.yaml

security:
    role_hierarchy:
        ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    password_hashers:
        Sonata\UserBundle\Model\UserInterface: auto

    providers:
        sonata_user_bundle:
            id: sonata.user.security.user_provider

Note

If you run under Symfony 4.4, password_hashers keyword inside security does not exist, instead replace on the above configuration with encoders.

The last part is to define 4 new access control rules:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
# config/packages/security.yaml

security:
    access_control:
        # Admin login page needs to be accessed without credential
        - { path: ^/admin/login$, role: PUBLIC_ACCESS }
        - { path: ^/admin/logout$, role: PUBLIC_ACCESS }
        - { path: ^/admin/login_check$, role: PUBLIC_ACCESS }
        - { path: ^/admin/request$, role: PUBLIC_ACCESS }
        - { path: ^/admin/check-email$, role: PUBLIC_ACCESS }
        - { path: ^/admin/reset/.*$, role: PUBLIC_ACCESS }

        # Secured part of the site
        # This config requires being logged for the whole site and having the admin role for the admin part.
        # Change these rules to adapt them to your needs
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/.*, role: PUBLIC_ACCESS }

Note

If you run under Symfony 4.4, PUBLIC_ACCESS role does not exist, instead replace on the above configuration with IS_AUTHENTICATED_ANONYMOUSLY.

3.5. Mailer Configuration

You can define a custom mailer to send reset password emails. Your mailer will have to implement Sonata\UserBundle\Mailer\MailerInterface.

1
2
3
4
# config/packages/sonata_user.yaml

sonata_user:
    mailer: custom.mailer.service.id

3.6. ACL Configuration

When using ACL, the UserBundle can prevent normal users to change settings of super-admin users, to enable this use the following configuration:

1
2
3
4
# config/packages/sonata_user.yaml

sonata_user:
    security_acl: true
1
2
3
4
5
# config/packages/security.yaml

security:
    acl:
        connection: default

3.7. Using the roles

Each admin has its own roles, use the user form to assign them to other users. The available roles to assign to others are limited to the roles available to the user editing the form.

3.8. Next Steps

At this point, your Symfony installation should be fully functional, without errors showing up from SonataUserBundle. If, at this point or during the installation, you come across any errors, don’t panic:

  • Read the error message carefully. Try to find out exactly which bundle is causing the error. Is it SonataUserBundle or one of the dependencies?
  • Make sure you followed all the instructions correctly, for both SonataUserBundle and its dependencies.
  • Still no luck? Try checking the project’s open issues on GitHub.