YagoQuinoy

Reputation: 133

Symfony - Getting anonymous user instead of authenticated user

I'm developing a simple blog using Symfony 2.

I'm stuck on security issues. I want to display "edit" links if the user is logged in to the site, but I'm getting an anonymous user.

Here is my security.yml and the template code. Thanks!

security.yml:

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            memory:
                users:
                    admin: { password: admin, roles: ['ROLE_ADMIN'] }

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # secures part of the application
        blog_secured_area:
            pattern:   ^/edit
            anonymous: ~
            http_basic:
                realm: "Secured Blog Area"

        # the blog page has to be accessible for everybody
        blog_public:
            pattern:   ^/
            anonymous: true

    access_control:
        - { path: ^/edit, roles: ROLE_ADMIN }

article.html.twig (URL: /detail/{id}):

{% if is_granted('ROLE_ADMIN') %}
    <a href="{{path('yago_web_blog_edit', {'id': article.id} )}}">Editar</a>
{% endif %}

Upvotes: 0

Views: 1167

Answers (1)

zizoujab

Reputation: 7800

Try switching the order of the security firewalls:

firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    # the blog page has to be accessible for everybody
    blog_public:
        pattern:   ^/
        anonymous: true

    # secures part of the application
    blog_secured_area:
        pattern:   ^/edit
        anonymous: ~
        http_basic:
            realm: "Secured Blog Area"

access_control:
    - { path: ^/edit, roles: ROLE_ADMIN }

Because I think that Symfony2 scans the firewalls and sees them one after the other in the order they are written; in your case the last one says that all routes are accessible with the anonymous role, so it will apply to the /edit route as well.

Upvotes: 1
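As an added example (not the asker's or the answerer's configuration), here is a security.yml that keeps the asker's firewall order and makes the token authenticated under the ^/edit firewall visible when a public page such as /detail/{id} is rendered. Two facts drive it: Symfony checks the firewalls top to bottom and uses the first one whose pattern matches the request, and each firewall keeps its own security context (its own token in the session) unless several firewalls share a context name. The context name `blog` and the comments are this example's own choices; users, roles and patterns are taken from the question.

```yaml
# Added example: one shared security context across both application firewalls.
security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    providers:
        in_memory:
            memory:
                users:
                    admin: { password: admin, roles: ['ROLE_ADMIN'] }

    firewalls:
        # no security for assets and the profiler (as in the question)
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Listed first on purpose: firewalls are matched top to bottom and the
        # first match wins, so the more specific ^/edit pattern must stay above ^/.
        blog_secured_area:
            pattern:   ^/edit
            context:   blog        # same name as blog_public -> same session token
            anonymous: ~
            http_basic:
                realm: "Secured Blog Area"

        # Everything else, including /detail/{id}. Anonymous access stays allowed,
        # but because the context is shared, an admin who authenticated on /edit
        # is still ROLE_ADMIN here and is_granted('ROLE_ADMIN') renders the link.
        blog_public:
            pattern:   ^/
            context:   blog
            anonymous: ~

    access_control:
        - { path: ^/edit, roles: ROLE_ADMIN }
```

Without a shared context the behaviour the question describes is expected: the request for /detail/1 is served by blog_public, which never sees the token stored for blog_secured_area, so the user is anonymous there even though /edit itself is correctly protected by the access_control rule.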
