I'm trying to establish roles on my site. I have 3 administration pages:
The ROLE_ADMIN must be able to access these 3 links.
ROLE_INFOS must be able to access /admin/information
ROLE_PACKAGES must be able to access /admin/packages
My security.php looks like :
# app/config/security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: ROLE_USER, ROLE_INFOS, ROLE_PACKAGES
ROLE_INFOS: ROLE_INFOS, ROLE_USER
ROLE_PACKAGES: ROLE_PACKAGES, ROLE_USER
ROLE_USER: ROLE_USER
//...
access_control:
- { path: ^/admin/paquets, role: ROLE_PACKAGES }
- { path: ^/admin/informations, role: ROLE_INFOS }
- { path: ^/admin, role: ROLE_ADMIN }
- { path: ^/accueil, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_USER }
I wanted to know if my way of organizing this is correct?
In addition, on my site, I have a navbar that displays different tabs depending on the role of the user
I have a tab "Management" which is actually a drop-down menu pointing to the 3 possible links (packages, users, information).
Only, I have this in my base.html.twig:
{% if is_granted('ROLE_ADMIN') %}
this condition shows me the management tab for the admins. I would like it to be displayed for each of the roles I mentioned ( ROLE_ADMIN, ROLE_INFO, ROLE_PACKAGES ).
Do I have to make something like :
{% if is_granted('ROLE_ADMIN') %} or
{% if is_granted('ROLE_INFOS') %} or
{% if is_granted('ROLE_PACKAGES') %}
Thanks for your help
You can manage it as you already done it, but...
#app/config/security.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_INFOS, ROLE_PACKAGES]
ROLE_INFOS: [ROLE_USER]
ROLE_PACKAGES: [ROLE_USER]
In your view you can hide some links by using:
{% if is_granted('ROLE_ADMIN') %}
<a href="{{ path('packages_foo') }}">Link to admin packages</a>
{% endif %}
Be aware, that only security annotation in a Controller manage security access. If you only use the code above, a user can access to page if it know URL to access to administration page.
In your controller, you can set security with security annotations which is a better practice than control_access
tools in security.yaml
file:
#src/Controller/PackageController.php
/* ... */
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
/* ... */
/**
* Package controller .
*
* @Route("/admin/packages")
*
* @Security("is_granted('ROLE_PACKAGE')")
*/
class PaymentController extends AbstractController
Have a look on Symfony security annotation documentation.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.