roles and access_control fosuserbundle

I'm working with FOSUserBundle, and now I'm trying the roles and access control.

I tried to create a new role, change the role of one of my users, then access a page with restricted access.

security.yml :

security:
    encoders:
        FN\UserBundle\Entity\User: sha512

    role_hierarchy:
        ROLE_USER_CONFIRMED:    ROLE_USER
        ROLE_ADMIN:             [ROLE_USER, ROLE_USER_CONFIRMED]
        ROLE_SUPER_ADMIN:       [ROLE_USER, ROLE_USER_CONFIRMED, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main_login:
            pattern: ^/login$
            anonymous: true

        main:
            pattern: ^/
            anonymous: true
            provider: main
            form_login:
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                always_use_default_target_path: false
                default_target_path:            /client/home
                target_path_parameter:          _target_path
                use_referer:                    false
            logout:
                path:       fos_user_security_logout
                target:     /home
            remember_me:
                key:        %secret%

    access_control:
        - { path: ^/client, roles: ROLE_USER_CONFIRMED }
        - { path: ^/admin, roles: ROLE_ADMIN }

I changed the roles of my user with $user->setRoles(array('ROLE_USER_CONFIRMED'));

In my database, the user's role changed correctly, but when I click on the user in the FOSUserBundle toolbar, my user stays in ROLE_USER, and when I go to the page "xxx/client/home", I get an ACCESS DENIED page.

Do you have an idea why the role is changed correctly in my database, but I can't open the page?

Did you have the user log out and then log back in? Roles get pulled and saved as part of the session upon logging in, so if you applied the role while the user was logged in on a machine, the user would not see that reflected on that machine until they logged out and then logged back in.
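One way to apply a role change to the current user's own session without a logout, as an added example that is not part of the original question or answer. It assumes Symfony 2.6 or later (for the `security.token_storage` service) and the `main` firewall from the security.yml above; the controller class and action name are hypothetical.

```php
<?php
// Added example: hypothetical controller, not code from the original post.
namespace FN\UserBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

class ConfirmationController extends Controller
{
    public function confirmAction()
    {
        // The user object attached to the token stored in the session.
        $user = $this->getUser();
        if (!is_object($user)) {
            throw $this->createAccessDeniedException();
        }

        // Assumption: whatever check justifies the promotion (for example a
        // validated confirmation link) has already succeeded at this point.
        $user->setRoles(array('ROLE_USER_CONFIRMED'));
        $this->get('fos_user.user_manager')->updateUser($user);

        // The database is now up to date, but the session token still holds
        // the roles captured at login, so access_control would keep denying
        // ^/client. Build a fresh token for the "main" firewall with the
        // user's current roles and store it.
        $token = new UsernamePasswordToken(
            $user,
            null,              // credentials are not kept after login
            'main',            // firewall name from security.yml
            $user->getRoles()  // roles as they are now
        );
        $this->get('security.token_storage')->setToken($token);

        // ^/client requires ROLE_USER_CONFIRMED, which the new token carries.
        return $this->redirect('/client/home');
    }
}
```

This only refreshes the session of the user making the request. When someone else changes a user's roles, including removing ROLE_ADMIN, that user's existing sessions keep the roles from login until they log in again, as the answer describes.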
