Symfony安全被授予

Question

I have controller with annotation * @Security("is_granted('PERM_MODULE_OUTBOUND_INVOICES_READ')") and I write test for some action in this controller, create user and loginIn, and when call rout for this action have error

Expression "is_granted('PERM_MODULE_OUTBOUND_INVOICES_READ')" denied access.

when add role to user PERM_MODULE_OUTBOUND_INVOICES_READ still have access denied

when commented tgis and in action check current user is granted have true

    /**
 * @Route("/manage/new_outbound_invoices", name="new_outbound_invoices")
 */
public function outBoundInvoiceListsAction(Request $request)
{
        $check = $this->get('security.authorization_checker')
        ->isGranted('PERM_MODULE_OUTBOUND_INVOICES_READ', $this->getUser());

but with security annotation access denied why not understand this is my test

        $user = $this->user;
    $this->logIn($user);
    //$t = $this->getContainer()->get('security.context')->getToken(); try get token and have null, but in action have user from session
    $this->client->setServerParameter('HTTP_HOST', 'erp.houseoptima.fi.local');
    $crawler = $this->client->request('GET', '/economy/manage/new_outbound_invoices');

this function for LogIn

    public function logIn(User $user)
{
    $session = $this->client->getContainer()->get('session');

    $firewall = 'main';
    $token = new UsernamePasswordToken($user, null, $firewall, $user->getRoles());
    $session->set('_security_'.$firewall, serialize($token));
    $session->save();

    $cookie = new Cookie($session->getName(), $session->getId());
    $this->client->getCookieJar()->set($cookie);
}

What problem with this security ? With annotation error 403 withot 200 and when check in action is granted user have true

Answer 1

You need to pass the User object

/**
 * @Security("is_granted('PERM_MODULE_OUTBOUND_INVOICES_READ', user)")
 */
public function indexAction(User $user)
{