Reputation: 99
I have FOSUserBundle and I want to do a simple access list so that if a user is not logged in he is sent to the login page, and if he is not ROLE_ADMIN or other he can't go to the /admin page.
I wrote this in my security.yml:
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: IS_AUTHENTICATED_FULLY }
        - { path: ^/admin, role: ROLE_ADMIN }
But now all logged-in users can go to the /admin page...
I don't understand what I did wrong.
Upvotes: 1
Views: 1511
Reputation: 21610
Try to change

        - { path: ^/, role: IS_AUTHENTICATED_FULLY }
        - { path: ^/admin, role: ROLE_ADMIN }

to

        - { path: ^/admin, role: ROLE_ADMIN }
        - { path: ^/, role: IS_AUTHENTICATED_FULLY }
Upvotes: 4
Reputation: 29912
Rules are parsed in the order they're written, so

        - { path: ^/, role: IS_AUTHENTICATED_FULLY }

will grant access to all areas under / if the user is authenticated.
You need to switch the last two rules and all will surely work as you expect.
Upvotes: 4
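
An added example (not part of the original answers, and not Symfony code): a small Python model of first-match rule selection that flags rules which can never take effect because an earlier rule always matches first. The function names and the probe-path heuristic are assumptions; only the path patterns and roles come from the question, and only the path condition of a rule is modelled.

```python
import re

# Rule order as posted in the question (patterns and roles copied from the page).
RULES = [
    ("^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("^/register", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("^/resetting", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("^/", "IS_AUTHENTICATED_FULLY"),
    ("^/admin", "ROLE_ADMIN"),
]
# Order suggested by both answers: the specific rule before the catch-all.
FIXED = RULES[:3] + [RULES[4], RULES[3]]

def first_match(rules, path):
    """Return (index, role) of the first rule whose pattern matches the path."""
    for i, (pattern, role) in enumerate(rules):
        if re.search(pattern, path):
            return i, role
    return None  # no rule applies to this path

def probes_for(rules):
    """Build probe paths from each pattern (assumes simple anchored literals)."""
    probes = []
    for pattern, _ in rules:
        base = pattern.lstrip("^").rstrip("$")
        probes += [base, base.rstrip("/") + "/x"]  # the path itself and a child
    return probes

def shadowed_rules(rules, probes):
    """List rules that lose to an earlier rule on every probe they match."""
    findings = []
    for i, (pattern, role) in enumerate(rules):
        hits = [p for p in probes if re.search(pattern, p)]
        if hits and all(first_match(rules, p)[0] < i for p in hits):
            winner_index, winner_role = first_match(rules, hits[0])
            findings.append((pattern, role, rules[winner_index][0], winner_role))
    return findings

if __name__ == "__main__":
    for name, rules in (("question", RULES), ("fixed", FIXED)):
        print(name, "/admin/users ->", first_match(rules, "/admin/users"))
        for pattern, role, by, by_role in shadowed_rules(rules, probes_for(rules)):
            print(f"  shadowed: {pattern} ({role}) never wins; {by} ({by_role}) matches first")
```

Running the same check over a real rule list before deployment catches this class of ordering mistake; a rule reported as shadowed should be moved above the broader rule that wins.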