Sonata Admin: Create ACL on object created outside of Admin

If you're using Sonata Admin and Symfony's ACL, you can extends Sonata Admin with the CoopTilleulsAclSonataAdminExtensionBundle. Using it, lists just contain data the logged in user has right to view. Thanks to the ACL editor, you can simply manage ACL inside your application and in the Sonata Admin.

It's perfectly working when objects are created inside the Sonata Admin, but don't works when you're creating them in a custom controller. 
To make it working, you just have to create the ACL using the Sonata Admin Security Handler.

Let's imagine you've a controller that is handling a form, and we've like the following code:

Now, you just have to get the which is an alias of the current security handler (look at SonataAdminExtension.php#L108) and update ACLs after persisting your model. If your Admin service for this model is named foo.barbundle.admin.model, use the following code:


Symfony2 Form, PATCH requests and handleRequest: Form is never valid

From Symfony 2.3 we can use (PR #7849) PATCH requests with the Form component to submit a part of the form which will override the form default values. This is really helpful moreover using FOSRestBundle and its listeners !

With this configuration, to make a user available to PATCH its profile using REST API, you simply have to write this few lines:

But the form is never valid…

In fact, you’ll never have a valid form if you let it as it’s. The problem is that the form is never submitted by the HttpFundationRequestHandler because the current request method (PATCH) isn’t a GET or POST, which are waited by the form (see L39).

Two solutions

You’ve 2 simple solutions, use the submit method, or set the method option on the form.