
Symfony2 firewall, ROLE_USER has access to /admin

I have a problem with the firewall thing in Symfony2.

I have these in my security.yml file:

- { path: ^/, role: ROLE_USER }
- { path: ^/admin, role: ROLE_ADMIN }
- { path: ^/users, role: ROLE_ADMIN }

In my menu builder I'm using isGranted and this works perfectly; if I log in with my ROLE_USER user, the menu does not build the admin menu.

But if I manually type /admin in the browser I get the admin pages. (This happens in both the production and dev environments.)

In the toolbar in the dev env I can see the user doesn't have the ROLE_ADMIN role.

If I don't log in at all, I only see the login page, so everything is fine here.

Full security.yml: https://gist.github.com/lsv/2e9dce622fd82d31853c

Full config.yml: https://gist.github.com/lsv/ec87592f911262af5417

I'm using FOSUserBundle.

Entries in access_control should be in the order from more specific to more general. So, in your case, they should be in the following order:

- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/, roles: ROLE_USER }
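The ordering effect can be checked offline with a small model of first-match-wins evaluation. This is an added example, not part of the original question or answer and not Symfony's own code. It assumes rules are tried top to bottom with the first matching path regex deciding, that roles are compared by plain membership (no role_hierarchy), that the question's ^/users rule is kept ahead of the catch-all in the fixed list, and it uses constructed probe paths and hypothetical function names.

```python
import re

# Rules in the order posted in the question (catch-all first).
QUESTION_RULES = [
    (r"^/", "ROLE_USER"),
    (r"^/admin", "ROLE_ADMIN"),
    (r"^/users", "ROLE_ADMIN"),
]

# Specific-to-general order from the answer; keeping ^/users is an assumption.
FIXED_RULES = [
    (r"^/admin", "ROLE_ADMIN"),
    (r"^/users", "ROLE_ADMIN"),
    (r"^/", "ROLE_USER"),
]

# Constructed probe paths, not taken from the page.
PROBES = ["/", "/login", "/admin", "/admin/settings", "/users", "/users/42"]


def required_role(rules, path):
    """Role demanded by the first rule whose pattern matches, else None."""
    for pattern, role in rules:
        if re.search(pattern, path):
            return role
    return None


def shadowed_rules(rules, probes):
    """Patterns that match some probe but never decide one, because an
    earlier rule in the list always matches first."""
    shadowed = []
    for index, (pattern, _role) in enumerate(rules):
        matched = [p for p in probes if re.search(pattern, p)]
        decided = [p for p in matched
                   if not any(re.search(earlier, p) for earlier, _ in rules[:index])]
        if matched and not decided:
            shadowed.append(pattern)
    return shadowed


def can_access(rules, path, user_roles):
    """Simplified check: plain role membership, no role hierarchy."""
    role = required_role(rules, path)
    return role is None or role in user_roles


if __name__ == "__main__":
    for name, rules in (("question", QUESTION_RULES), ("fixed", FIXED_RULES)):
        print(name, "shadowed rules:", shadowed_rules(rules, PROBES))
```

A non-empty result from shadowed_rules means a restrictive entry never takes effect, which is a useful review check for any first-match access list.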

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.