[英]Symfony2 Access Control/Security
好的,所以我想通过配置在symfony2中设置我的安全性。 我创建了一个role_hierarchy:
role_hierarchy:
ROLE_USER_ADMIN: ROLE_USER
ROLE_VENDOR: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_VENDOR, ROLE_USER_ADMIN, ROLE_ALLOWED_TO_SWITCH]
我已经设置了access_control:
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/administration/, roles: ROLE_VENDOR }
- { path: ^/administration/vendor/new, roles: ROLE_SUPER_ADMIN }
- { path: ^/administration/taxonomy, roles: ROLE_SUPER_ADMIN }
- { path: ^/administration/property, roles: ROLE_SUPER_ADMIN }
- { path: ^/administration/usagelimit, roles: ROLE_SUPER_ADMIN }
- { path: ^/account, roles: ROLE_USER }
- { path: ^/library, roles: ROLE_USER }
- { path: ^/profile, roles: ROLE_USER }
- { path: ^/vendors, roles: ROLE_USER }
- { path: ^/community, roles: ROLE_USER }
但是,当我以仅具有“ ROLE_VENDOR”的用户身份登录时,我可以访问/ administration / taxonomy,/ administration / property等路由。
我究竟做错了什么???
您的路线顺序错误。
这是先到先得的服务,它首先在/administration/
之后为该指令捕获的目录提供所有服务,因此允许ROLE_VENDOR
进行访问。
您应该将其更改为...
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: ^/administration/, roles: ROLE_VENDOR } // Old home...
- { path: ^/administration/vendor/new, roles: ROLE_SUPER_ADMIN }
- { path: ^/administration/taxonomy, roles: ROLE_SUPER_ADMIN }
- { path: ^/administration/property, roles: ROLE_SUPER_ADMIN }
- { path: ^/administration/usagelimit, roles: ROLE_SUPER_ADMIN }
- { path: ^/administration/, roles: ROLE_VENDOR } // New home...
- { path: ^/account, roles: ROLE_USER }
- { path: ^/library, roles: ROLE_USER }
- { path: ^/profile, roles: ROLE_USER }
- { path: ^/vendors, roles: ROLE_USER }
- { path: ^/community, roles: ROLE_USER }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.