Reputation: 3
I read this page about Symfony security!
But I can't get the access_control to work. I have two routes, back and dashboard. Back is only for ROLE_SUPER_ADMIN, and in order to go to the dashboard the user must be authenticated.
Anonymous users can go everywhere, and ROLE_USER can go to back (SUPER ADMIN only).
This is my security.yml file:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: true

    access_control:
        - { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/dashboard, roles: ROLE_USER }
        - { path: ^/back, roles: ROLE_ADMIN }
Thanks for your help.
Upvotes: 0
Views: 299
Reputation: 29912
Of course anonymous users can go everywhere! Take a look at your first rule:
access_control:
    - { path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }
Even for the /back path the rule seems to act properly, because you hit the first access_control rule, which grants the action.
Faster solution: try to invert your rules order.
Better solution: try to write better (less general) rules [if your app lets you do that].
Upvotes: 2
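The following is an added example, not part of the question or answer above, that models the first-match behaviour the answer describes: Symfony evaluates access_control entries top to bottom and applies only the first entry whose path regex matches. It replays the asker's rule order and the reordered list the answer recommends against a few users and paths, so you can see why the catch-all ^/ entry at the top makes every later rule unreachable. The role hierarchy is copied from the question's security.yml; the reordered list uses ROLE_SUPER_ADMIN for /back because that is the requirement the question states in prose (the posted config says ROLE_ADMIN). The simulator is a simplification: a real Symfony app would redirect an unauthenticated user to the login form rather than simply deny, and the function names here (expand_roles, first_matching_rule, is_granted, audit) are this example's own, not Symfony API.

```python
import re

# Role hierarchy as declared in the question's security.yml
ROLE_HIERARCHY = {
    "ROLE_ADMIN": ["ROLE_USER"],
    "ROLE_SUPER_ADMIN": ["ROLE_ADMIN"],
}

# The asker's order: the catch-all ^/ entry comes first and shadows everything below it
ORIGINAL_RULES = [
    ("^/", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    ("^/login$", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    ("^/register", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    ("^/resetting", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    ("^/dashboard", ["ROLE_USER"]),
    ("^/back", ["ROLE_ADMIN"]),
]

# Reordered as the answer suggests: specific entries first, the catch-all last.
# /back uses ROLE_SUPER_ADMIN because that is what the question says it should require.
REORDERED_RULES = [
    ("^/login$", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    ("^/register", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    ("^/resetting", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    ("^/back", ["ROLE_SUPER_ADMIN"]),
    ("^/dashboard", ["ROLE_USER"]),
    ("^/", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
]


def expand_roles(roles):
    """Return the given roles plus every role reachable through ROLE_HIERARCHY."""
    expanded = set()
    stack = list(roles)
    while stack:
        role = stack.pop()
        if role not in expanded:
            expanded.add(role)
            stack.extend(ROLE_HIERARCHY.get(role, []))
    return expanded


def first_matching_rule(rules, path):
    """Top-to-bottom scan; only the first entry whose regex matches the path is used."""
    for pattern, required in rules:
        if re.search(pattern, path):
            return pattern, required
    return None


def is_granted(rules, path, user_roles):
    """True if the first matching rule is satisfied by the user's (expanded) roles.

    user_roles is an empty list for an anonymous visitor. IS_AUTHENTICATED_ANONYMOUSLY
    is granted to everyone, authenticated or not.
    """
    match = first_matching_rule(rules, path)
    if match is None:
        return True  # no entry matched, so access_control imposes nothing
    _, required = match
    if "IS_AUTHENTICATED_ANONYMOUSLY" in required:
        return True
    return any(role in expand_roles(user_roles) for role in required)


def audit(rules, users, paths):
    """Return {(user_name, path): granted} for every user/path combination."""
    return {
        (name, path): is_granted(rules, path, roles)
        for name, roles in users.items()
        for path in paths
    }


# Constructed sample users and paths for the demonstration
USERS = {
    "anonymous": [],
    "user": ["ROLE_USER"],
    "admin": ["ROLE_ADMIN"],
    "super_admin": ["ROLE_SUPER_ADMIN"],
}
PATHS = ["/", "/login", "/dashboard", "/back"]

if __name__ == "__main__":
    for label, rules in (("original order", ORIGINAL_RULES), ("reordered", REORDERED_RULES)):
        print(f"== {label} ==")
        for (name, path), granted in audit(rules, USERS, PATHS).items():
            rule = first_matching_rule(rules, path)[0]
            print(f"{name:12s} {path:12s} matched {rule:12s} -> {'allow' if granted else 'deny'}")
```

With the original order every path, /back included, matches ^/ first and is allowed to anyone, which is exactly the symptom in the question; with the reordered list, /back is reached only with ROLE_SUPER_ADMIN (ROLE_ADMIN alone is refused, since the hierarchy only flows downward), /dashboard needs ROLE_USER or anything above it, and the public pages plus the catch-all still admit anonymous visitors.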