Issue with cascading roles in symfony3 and sonata user bundle

Question

I have my roles defined as follows:

security:
  role_hierarchy:
    ROLE_PROFESSIONAL_SERVICES_MANAGER: [ROLE_USER, ROLE_SONATA_ADMIN, ROLE_BRANCH_ASSISTANT]

When I try to check for permissions in my controller as below:

if($securityContext->isGranted('ROLE_PROFESSIONAL_SERVICES_MANAGER'))

The returns false because the in the profiler, the permissions appear to have been saved as shown below therefore:

"ROLE_PROFESSIONAL_SERVICES_MANAGER: ROLE_USER, ROLE_SONATA_ADMIN, ROLE_BRANCH_ASSISTANT"

Anyone know how I can resolve this?

Answer 1

Roles are for users not the app.

With your code you are defining that a user with role ROLE_PROFFESSIONAL_SERVICES_MANAGER will have the roles ROLE_USER, ROLE_SONATA_ADMIN and ROLE_BRANCH_ASSISTANT .

But now you need to assign that role to a user and sign that user in.

When you call $securityContext->isGranted() what it does is get the token from your current logged in user (wich you can see in the profiler) and check the roles of that user from the token.

So you need to have a user with the proper role assigned signed in.

If your already using SonatAUserBundle or FOSUserBundle use that command to create a user easily: bin/console fos:user:create

Then assign it the proper roles:

app/console fos:user:promote nameOfYourUser ROLE_PROFFESSIONAL_SERVICES_MANAGER

If your app has no user management system have a look here: https://sonata-project.org/bundles/admin/master/doc/reference/security.html#user-management