Overview
The SonataExtra Approval Workflow is designed to log all actions within the admin site, providing a comprehensive overview of activities, resources involved, descriptions, and users. This feature ensures that actions are logged but not applied immediately. Instead, they require validation by a user with the ROLE_APPROVE
permission.
Features
- Action Logging: Logs every action but does not apply changes instantly.
-
Role-Based Approval: Actions need approval from a user with
ROLE_APPROVE
. - Pending Modifications Alert: A red notification badge in the admin interface alerts administrators of modifications awaiting approval.
- Detailed Action View: Displays action type, resource, description, user, and date in the list view.
- Approval and Detail Buttons: Allows administrators to approve modifications or view detailed information.
- Purge Functionality: An option to purge pending modifications.
- Detailed Modification View: Shows impacted fields and values for each action.
Screens
-
Editor action :
-
Admin notification :
-
List view :
-
Detail view :
Configuration Steps
Add EventListeners
sonata-extra.doctrine_activity_listener:
class: Partitech\SonataExtra\EventListener\DoctrineActivityListener
tags:
- { name: doctrine.event_listener, event: prePersist }
- { name: doctrine.event_listener, event: preUpdate }
- { name: doctrine.event_listener, event: preRemove }
- { name: doctrine.event_listener, event: onFlush }
- { name: kernel.event_listener, event: sonata.admin.event.batch_action.pre_batch_action, method: onPreBatchAction }
sonata-extra.configure_menu_listener:
class: Partitech\SonataExtra\EventListener\ConfigureMenuListener
tags:
- { name: kernel.event_listener, event: sonata.admin.event.configure.menu.sidebar, method: onMenuConfigure }
arguments:
- "@service_container"
- "@doctrine.orm.entity_manager"
- "@request_stack"
- "@security.authorization_checker"
Configure entity exclusion
You can exclude any entities from the workflow. By default you should exclude your SonataMediaMedia and User entities.
parameters:
sonata_approve_excluded_entities:
- 'App\Entity\BackofficeUser'
- 'App\Entity\SonataMediaMedia'
- 'Partitech\SonataExtra\Entity\Slider'
Configure Menu
By default the approval menu is dynamically inserted in the root of the menu with a visual red alert To prevent double display when the menu group is open, you can list the menu items that will hide the root alert.
parameters:
sonata_approve_menu:
- 'admin_app_approval'
- 'admin_app_adminactivitylog'
- 'admin_app_sonatamediamedia'
- 'admin_app_backofficeuser'
- 'admin_app_sonatapagesite'
Configure Roles
Any users that don't have ROLE_APPROVE will be in the workflow rule. If you want to get the admin activity log without the approval workflow, just add ROLE_APPROVE to your default admin user.
security:
role_hierarchy:
ROLE_EDITOR:
- ROLE_USER
- ROLE_SONATA_ADMIN
- ROLE_ADMIN_USERADMIN_ALL
- ROLE_ADMIN_ADMIN_ACTIVITY_LOG_ALL
- ROLE_ADMIN_ADMIN_APPROVAL_LOG_ALL
- ROLE_ADMIN_USERADMIN_ALL
- ROLE_ADMIN_REDIRECTION_ALL
- ROLE_SONATA_EXTRA_ADMIN_SLIDER_ALL
- ROLE_SONATA_EXTRA_ADMIN_SLIDER_SLIDES_ALL
- ROLE_SONATA_EXTRA_ADMIN_FAQ_CATEGORY_ALL
- ROLE_SONATA_EXTRA_ADMIN_FAQ_QUESTION_ALL
- ROLE_SONATA_USER_ADMIN_USER_ALL
- ROLE_SONATA_MEDIA_ADMIN_MEDIA_ALL
- ROLE_SONATA_MEDIA_ADMIN_GALLERY_ALL
- ROLE_SONATA_MEDIA_ADMIN_GALLERY_ITEM_ALL
- ROLE_SONATA_PAGE_ADMIN_PAGE_ALL
- ROLE_SONATA_PAGE_ADMIN_BLOCK_ALL
- ROLE_SONATA_PAGE_ADMIN_SHARED_BLOCK_ALL
- ROLE_SONATA_PAGE_ADMIN_SNAPSHOT_ALL
- ROLE_SONATA_PAGE_ADMIN_SITE_ALL
- ROLE_PRODIGIOUS_SONATA_MENU_ADMIN_MENU_ALL
- ROLE_PRODIGIOUS_SONATA_MENU_ADMIN_MENU_ITEM_ALL
ROLE_ADMIN:
- ROLE_USER
- ROLE_SONATA_ADMIN
- ROLE_APPROVE
- ROLE_EDITOR
- ROLE_ADMIN_ADMIN_ACTIVITY_LOG_ALL
- ROLE_ADMIN_ADMIN_APPROVAL_LOG_ALL
-
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
Usage and Workflow
-
Non-Approved Users: Users without
ROLE_APPROVE
can perform actions, but these will be logged and await approval. - Approval Required: A notification in the 'Pending Modifications' tool alerts administrators to actions requiring approval.
- Approval Process: Administrators with ROLE_APPROVE can view details and either approve or reject modifications.
- Purge Option: Administrators can use the purge button to clear pending modifications.
Conclusion
The SonataExtra Approval Workflow enhances control and security by ensuring that all modifications are logged and require approval by authorized personnel. This feature is crucial for maintaining integrity and accountability within the admin interface.