Deny access to ROLE_ADMIN symfony

Question

I work with with Symfony 2.7 and FOSUserBundle 2.0

What i want is to allow access to /admin to ROLE_ADMIN user but to deny him other paths.

# app/security.yml

access_control:
    - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: ROLE_USER }
    - { path: ^/admin, roles: ROLE_SUPER_ADMIN }

role_hierarchy:
    ROLE_USER:       ROLE_USER
    ROLE_ADMIN:      ROLE_ADMIN

I thought about php app/console fos:user:demote admin ROLE_USER but ROLE_USER is the default role of FOSUser, so every times the admin connects, ROLE_USER comes back in addition to ROLE_ADMIN .

How can do this ?

Answer 1

In that case, ROLE_ADMIN as no access to ROLE_MANAGER

access_control:
    - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/roles: ROLE_MANAGER }
    - { path: ^/admin, roles: ROLE_ADMIN }

role_hierarchy:
    ROLE_USER:       
        - ROLE_USER
    ROLE_MANAGER:    
        - ROLE_USER
    ROLE_ADMIN:     
        - ROLE_ADMIN