Reputation: 15
I'm pretty new to Symfony. Although I've managed to set up a working site with role-based authentication and firewalls, I'm really struggling to work out how to build a system that allows users to log in and have access to a page that only they and the admin have access to.
What I really want is a dynamic security role which enables the user in the current session access to their own private page and blocks everyone else...
Here's my actual config:
```yaml
security:
    encoders:
        # define the encoders used to encode passwords
        Symfony\Component\Security\Core\User\User: plaintext
        IntuitByDesign\UserBundle\Entity\User: bcrypt
    role_hierarchy:
        ROLE_ADMIN: [ROLE_USER]
    providers:
        chain_provider:
            chain:
                providers: [in_memory, user_db]
        in_memory:
            memory:
                users:
                    admin: { password: adminpass, roles: ROLE_ADMIN }
        user_db:
            entity: { class: IntuitByDesignUserBundle:User, property: username }
    firewalls:
        main:
            logout: true
            pattern: /.*
            form_login:
                login_path: login
                check_path: login
                default_target_path: /user
            logout:
                path: /logout
                target: /
            security: true
            anonymous: true
    access_control:
        - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /logout, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /user, roles: ROLE_ADMIN }
        - { path: /user-page/, roles: ROLE_USER }
        - { path: /.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }
```
Any hints on how to do this?
Update: After login I would like to redirect to a page that only the specific logged-in user can see.
I thought a way that this might be achieved could be with matching the session username with the user path?
Upvotes: 1
Views: 741
Reputation: 386
You could check in the redirected action whether the user is logged in. If yes, load the data according to the user, e.g. you load the needed data by his user id.
So every user sees the data which is related to himself.
You can find more information about user authentication handling in this question: How to check if an user is logged in Symfony2 inside a controller?
Upvotes: 0
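The check described in the answer, combined with the question's idea of matching the session username against the path, as an added example that is not part of the original thread. It assumes Symfony 2.x (as the `pattern:` and `encoders:` keys in the config suggest); the route `/user-page/{username}`, the controller class and the template name are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes Symfony 2.x and a
// hypothetical route /user-page/{username} mapped to showAction().
namespace IntuitByDesign\UserBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\User\UserInterface;

class UserPageController extends Controller
{
    public function showAction($username)
    {
        // getUser() returns null for anonymous visitors. access_control already
        // requires ROLE_USER on /user-page/, so this is defence in depth.
        $current = $this->getUser();
        if (!$current instanceof UserInterface) {
            throw new AccessDeniedException();
        }

        // Compare against the authenticated identity from the security token,
        // never against a username supplied in the request body or a cookie.
        $isOwner = $current->getUsername() === $username;
        $isAdmin = $this->get('security.context')->isGranted('ROLE_ADMIN');

        // Authorize before touching the database, so a non-owner gets the same
        // 403 whether or not the requested username exists.
        if (!$isOwner && !$isAdmin) {
            throw new AccessDeniedException();
        }

        $owner = $this->getDoctrine()
            ->getRepository('IntuitByDesignUserBundle:User')
            ->findOneBy(array('username' => $username));
        if (null === $owner) {
            throw $this->createNotFoundException();
        }

        // Hypothetical template name.
        return $this->render(
            'IntuitByDesignUserBundle:User:page.html.twig',
            array('owner' => $owner)
        );
    }
}
```

The role-based `access_control` rules only decide who may reach `/user-page/` at all; the per-user decision has to be made in the action (or a voter), because the path rules cannot compare the URL with the logged-in user.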