Symfony 2.8 access control

Question

I have the following in my access control section

access_control:
  - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
  - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
  - { path: ^/admin, roles: ROLE_SUPER_ADMIN }
  - { path: ^/(.*), roles: ROLE_USER }

I thought this would mean that my base url, and login screen wouldn't require the ROLE_USER but all other routes would require the user to be logged in. However this doesn't look to be the case as all routes seem to be AUTHENTICATED ANONYMOUSLY

I'm sure there's something simple i'm missing but any help is greatly appreciated!

Answer 1

your two lines point at the same URL patterns, so there is a conflict :

    - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/(.*), roles: ROLE_USER }

Try this one :

access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, roles: ROLE_SUPER_ADMIN }
    - { path: ^/, roles: ROLE_USER }

Answer 2

Check the following codes. I think this is what you are looking for.

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, role: ROLE_USER }
    - { path: ^/admin/, role: ROLE_ADMIN }

By the above code, the login and only home path will accessible by anonymous user. Any other link will be accessible only if the user has some rules. But I believe you may have a register link and forgot password link. Both register and forgot password links should be accessible by all users. So don't forget to keep those urls in the 2nd line.

Hope this will help you.

Answer 3

Helo

All Access controls runs top-down.

Symfony checks current route with access control one-by-one from top to down.

And if it's match then don't check the rest.

move

- { path: ^/(.*), roles: ROLE_USER }

to top as a first condition