A.Seddighi

Reputation: 1765

Return access denied with access control

I'm using Symfony 4.1.7, and in my security.yaml I have this access control:

access_control:
    # master:
    - { path: ^/master, roles: ROLE_MASTER }
    # manager:
    - { path: ^/.*/manager, roles: ROLE_MANAGER }
    # main:
    - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }

When I open the second URL (/foo/manager) and am not authorized, I am redirected to the login path. I need to return access denied, not a redirect to login. My final goal is to call an event listener to append a role to authorize the user from the event listener.

Update: Here is my security firewall section:

    main:
        pattern: ^/
        user_checker: App\Security\Checker\UserChecker
        anonymous: ~
        provider: default
        context: primary
        simple_form:
            authenticator: App\Security\Authenticator\UserAuthenticator
            check_path: login
            login_path: login
            username_parameter: phone
            password_parameter: password
            use_referer: true
        logout:
            path: logout
        remember_me:
            secret: '%kernel.secret%'
            lifetime: 604800
            path: /
            remember_me_parameter: remember_me

Upvotes: 0

Views: 592

Answers (2)

Ezequiel Esnaola

Reputation: 60

You need to configure the login_path in the security.yml

Example:

providers:
    fos_userbundle:
        id: fos_user.user_provider.username_email
    in_memory: { memory: ~ }
encoders:
    FOS\UserBundle\Model\UserInterface: sha512
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        pattern:             .*
        context:            user
        form_login:
            provider:       fos_userbundle
            login_path:     /login
            use_forward:    false
            check_path:     /login_check
            failure_path:   null

Symfony Doc.

Upvotes: 1

Preciel

Reputation: 2837

You have to allow users to access this path and instead use your controller to check the user role.

$this->denyAccessUnlessGranted('ROLE_MANAGER', null, 'Unable to access this page!');

or

$this->isGranted('ROLE_MANAGER');

Depending on what you want to do.

Upvotes: 0
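
An added example (not part of either answer, and not Symfony's own code) of the controller-side check from the answer above: `isGranted()` returns a boolean, so the controller can build the 403 itself, whereas `denyAccessUnlessGranted()` throws an `AccessDeniedException`, which the firewall answers with the login redirect when the visitor is not fully authenticated. The class name, file path, route and response text are assumptions, and the `^/.*/manager` rule is assumed to be removed from `access_control`.

```php
<?php
// src/Controller/ManagerController.php (hypothetical class name and path)
//
// Assumed access_control after the change; the manager rule is gone so the
// request reaches the controller instead of being stopped by the firewall:
//   - { path: ^/master, roles: ROLE_MASTER }
//   - { path: ^/,       roles: IS_AUTHENTICATED_ANONYMOUSLY }

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;

class ManagerController extends AbstractController
{
    // Assumed to be routed to /{section}/manager, e.g. /foo/manager.
    public function index(string $section): Response
    {
        // isGranted() only reports the decision. No AccessDeniedException is
        // thrown, so the firewall's entry point (the redirect to login_path)
        // is never started, even for an anonymous visitor.
        if (!$this->isGranted('ROLE_MANAGER')) {
            return new Response(
                'Access denied.',
                Response::HTTP_FORBIDDEN,
                ['Cache-Control' => 'no-store'] // keep the denial out of caches
            );
        }

        // Authorized: escape the route value before echoing it back.
        $safeSection = htmlspecialchars($section, ENT_QUOTES, 'UTF-8');

        return new Response(sprintf('Manager area for "%s"', $safeSection));
    }
}
```

With the path rule gone, every controller under `*/manager` has to carry this check itself; a missed one leaves that page open to anonymous users.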
