Reputation: 834
I am trying to set custom roles in my security.yml, so that after login the user can or cannot access the main page (I use ActiveDirectory).
All I want is to create one role: ROLE_GUEST
Here's my security.yml file:
    role_hierarchy:
        ROLE_GUEST: ROLE_GUEST
        ROLE_USER: [ROLE_GUEST, ROLE_USER]
        ROLE_ADMIN: [ROLE_GUEST, ROLE_USER, ROLE_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_GUEST, ROLE_USER, ROLE_ADMIN, ROLE_SUPER_ADMIN]
If I understood correctly, this is how I read those roles:
Then I set the access_control as follows:
    access_control:
        - { path: ^/$, role: ROLE_USER }
What I want in this access_control is to limit access to the main page to ROLE_USER only. I already set the default role to ROLE_GUEST when the user logs in for the first time. But even if I put ROLE_USER as above, I can access the main page with a user who has ROLE_GUEST.
Any idea how I can get this working?
Thanks!
Upvotes: 2
Views: 4188
Reputation: 834
Alright, I figured it out.
Apparently the FOS User bundle automatically adds the ROLE_USER role to every user, even if you didn't say so in your User entity (you can check it in the profiler).
So if you want a custom role, keep in mind that ROLE_USER will always be the lowest role, as everyone will have it.
Correct me if I'm wrong!
Oh, also, I've corrected my firewall and access_control (in case it helps someone):
Role Hierarchy settings:
    role_hierarchy:
        ROLE_CUSTOM: [ROLE_USER]
        ROLE_ADMIN: [ROLE_CUSTOM]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN]
Firewall settings:
    firewalls:
        main:
            pattern: ^/
Access Control settings:
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, role: ROLE_ADMIN }
        - { path: ^/, role: ROLE_CUSTOM } # IMPORTANT TO BE THE LAST ONE
Upvotes: 1
Reputation: 8268
Your regular expression seems to be the problem: ^/$ matches only a single / and nothing else. This is what you mean, I guess:
    access_control:
        - { path: ^/.*, role: ROLE_USER }
Also, your role hierarchy can be simplified:
    role_hierarchy:
        ROLE_USER: [ROLE_GUEST] # ROLE_USER implies ROLE_GUEST
        ROLE_ADMIN: [ROLE_USER] # ROLE_ADMIN implies ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN] # and so on ...
This page from the docs is very helpful for understanding the concept behind security voters: http://symfony.com/doc/current/cookbook/security/voters_data_permission.html
In Symfony 2.6 writing custom voters is simplified: http://symfony.com/blog/new-in-symfony-2-6-simpler-security-voters
And there is a video introduction on KnpUniversity's YouTube channel: https://www.youtube.com/watch?v=fF8tpdlnyaE
Upvotes: 2
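To make the two points from the answers above concrete (everyone carries ROLE_USER via FOSUserBundle, and access_control applies the first rule whose path regex matches, so ^/$ hits only the bare root and the ^/ catch-all must be last), here is a small Python model of how Symfony resolves role_hierarchy and access_control. It is an added example written for this thread, not Symfony's own code, and it uses the corrected hierarchy and rules from the self-answer as constructed input.

```python
import re

# Simplified model of Symfony's role_hierarchy + access_control semantics,
# written for this thread; it is NOT Symfony's own implementation.
# The hierarchy and rules are the corrected ones from the self-answer.
ROLE_HIERARCHY = {
    "ROLE_CUSTOM": ["ROLE_USER"],
    "ROLE_ADMIN": ["ROLE_CUSTOM"],
    "ROLE_SUPER_ADMIN": ["ROLE_ADMIN"],
}

# Rules are evaluated in order and the FIRST matching path wins,
# which is why the ^/ catch-all has to stay last.
ACCESS_CONTROL = [
    (r"^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/admin", "ROLE_ADMIN"),
    (r"^/", "ROLE_CUSTOM"),
]
# The rule from the question: ^/$ matches the bare "/" path and nothing else.
ACCESS_CONTROL_ORIGINAL = [(r"^/$", "ROLE_USER")]


def reachable_roles(user_roles, hierarchy=ROLE_HIERARCHY):
    """Expand roles through the hierarchy (ROLE_ADMIN -> ROLE_CUSTOM -> ROLE_USER)."""
    result, stack = set(user_roles), list(user_roles)
    while stack:
        for implied in hierarchy.get(stack.pop(), []):
            if implied not in result:
                result.add(implied)
                stack.append(implied)
    return result


def required_role(path, rules):
    """Return the role demanded by the first rule whose regex matches the path."""
    for pattern, role in rules:
        if re.search(pattern, path):  # unanchored search, like Symfony's RequestMatcher
            return role
    return None  # no rule matched: access_control imposes nothing


def is_granted(user_roles, path, rules=ACCESS_CONTROL, hierarchy=ROLE_HIERARCHY):
    """Decide whether a user holding user_roles may reach path under the rules."""
    needed = required_role(path, rules)
    if needed is None or needed == "IS_AUTHENTICATED_ANONYMOUSLY":
        return True
    return needed in reachable_roles(user_roles, hierarchy)
```

With the original ^/$ rule, a user holding the FOSUserBundle-granted ROLE_USER next to ROLE_GUEST already passes the check on "/", which is exactly what the asker observed; with the corrected rules the same user is refused until given ROLE_CUSTOM.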