
Sonata Admin general roles


You can easily do this by overriding the Sonata\AdminBundle\Security\Handler\RoleSecurityHandler class and its getBaseRole method:

    # AppBundle/Security/Handler/MyRoleSecurityHandler.php
    namespace AppBundle\Security\Handler;

    use Sonata\AdminBundle\Admin\AdminInterface;
    use Sonata\AdminBundle\Security\Handler\RoleSecurityHandler;

    class MyRoleSecurityHandler extends RoleSecurityHandler
    {
        /**
         * {@inheritDoc}
         */
        public function getBaseRole(AdminInterface $admin)
        {
            return 'ROLE_SONATA_ADMIN_%s';
        }
    }

Then override the Sonata service related to this class:

    # AppBundle/Resources/config/services.yml
    services:
        #...
        sonata.admin.security.handler.role:
            class: AppBundle\Security\Handler\MyRoleSecurityHandler
            public: false
            # the service reference is quoted: a bare @ is a reserved character in YAML
            arguments: ['@security.context', [ROLE_SUPER_ADMIN]]

Remember to declare these roles in your hierarchy:

    # app/config/security.yml
    security:
        role_hierarchy:
            # ...
            ROLE_SONATA_ADMIN_LIST: ~
            ROLE_SONATA_ADMIN_SHOW: ~
            ROLE_SONATA_ADMIN_EDIT: ~
            ROLE_SONATA_ADMIN_DELETE: ~
            # etc.

Once you assign these roles to the user, you can finally check:

    # inside of any admin class
    protected function configureListFields(ListMapper $listMapper)
    {
        if ($this->isGranted('EDIT')) {
            # ...
        }
    }

Warning! The previous Sonata roles (ROLE_SONATA_ADMIN_ARTICLE_EDIT, ROLE_SONATA_ADMIN_USER_EDIT, etc.) will not work. So you could also override the class and the corresponding service of sonata-project/user-bundle/Security/EditableRolesBuilder.php to return only the hierarchy of roles.
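
An added example, not part of the original answer and not Sonata's own code: a simplified PHP model of the role check once getBaseRole returns 'ROLE_SONATA_ADMIN_%s', used to audit stored user roles for per-admin roles that stop matching. The function names and sample users are hypothetical, the attribute list is taken from the hierarchy above, and roles are assumed to be already flattened through the role hierarchy.

```php
<?php
// Added example, not Sonata code: simplified model of the role check after the override.
const SUPER_ADMIN_ROLES = ['ROLE_SUPER_ADMIN'];   // second argument in services.yml
const GLOBAL_BASE_ROLE  = 'ROLE_SONATA_ADMIN_%s'; // value returned by getBaseRole()
const ATTRIBUTES        = ['LIST', 'SHOW', 'EDIT', 'DELETE'];

/** Role that is checked for an attribute such as EDIT, whatever the admin class. */
function requiredRole(string $attribute): string
{
    return sprintf(GLOBAL_BASE_ROLE, strtoupper($attribute));
}

/** Model of the decision: a super admin role or the general role for the attribute. */
function isGrantedModel(array $userRoles, string $attribute): bool
{
    $accepted = array_merge(SUPER_ADMIN_ROLES, [requiredRole($attribute)]);
    return count(array_intersect($accepted, $userRoles)) > 0;
}

/** Split stored roles into ones that still grant access and stale per-admin ones. */
function auditRoles(array $userRoles): array
{
    $general = array_map('requiredRole', ATTRIBUTES);
    $stalePattern = '/^ROLE_SONATA_ADMIN_.+_(' . implode('|', ATTRIBUTES) . ')$/';
    $report = ['effective' => [], 'stale' => []];
    foreach ($userRoles as $role) {
        if (in_array($role, $general, true) || in_array($role, SUPER_ADMIN_ROLES, true)) {
            $report['effective'][] = $role;
        } elseif (preg_match($stalePattern, $role) === 1) {
            $report['stale'][] = $role; // old per-admin role: matches nothing any more
        }
    }
    return $report;
}

// Constructed sample users (hypothetical), roles assumed already flattened.
$users = [
    'alice' => ['ROLE_USER', 'ROLE_SONATA_ADMIN_ARTICLE_EDIT'],
    'bob'   => ['ROLE_USER', 'ROLE_SONATA_ADMIN_LIST', 'ROLE_SONATA_ADMIN_EDIT'],
];
foreach ($users as $name => $roles) {
    $report = auditRoles($roles);
    printf("%s: EDIT=%s effective=[%s] stale=[%s]\n", $name,
        isGrantedModel($roles, 'EDIT') ? 'yes' : 'no',
        implode(', ', $report['effective']), implode(', ', $report['stale']));
}
```

In this model a general role such as ROLE_SONATA_ADMIN_EDIT is accepted for every admin class, so review who holds it before replacing the per-admin roles.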