Symfony granting path access to multiple roles in security.yml

Question

Hi I would like to be able to allow access to a path in security.yml based on the user either having ROLE_TEACHER, or ROLE_ADMIN.

According to the question in Multiple roles required for same url in symfony 2 the entry below should allow either role access.

- { path: ^/admin, roles: ROLE_ADMIN}
- { path: ^/admin, roles: ROLE_TEACHER}

However, this will only allow the top role access. Is there a way of having multiple role access to a single path?

Replacing order of entities still only results in one of the roles working. Either of the two answers below allow usage of multiple roles. — nmcilree, Oct 21 '13 at 08:01
Several entries with the same pattern would not work. First matching entry takes priority. — Konstantin Pelepelin, Nov 05 '14 at 14:04

score 94 · Accepted Answer · answered Oct 18 '13 at 15:36

94

This is the way to go and what i'm using:

- { path: ^/admin, roles: [ROLE_ADMIN, ROLE_TEACHER] }

answered Oct 18 '13 at 15:36

Udan

2

if user has one or the other role it has access. you can combine it with the role hierarchy from @sergrkv answer and then a user has access to the rout if it has the role down the hierarchy chain – Udan Oct 30 '16 at 21:55
3

"Does this works in an OR logic?" Yes by default, but no if you use access_decision_manager.strategy: unaminous – Wesley Abbenhuis Jul 26 '19 at 05:34

Serge Kvashnin · Answer 2 · 2013-10-18T16:47:07.983

17

You can use the role hierarchy in security.yml:

role_hierarchy:
    ROLE_ADMIN: [ROLE_TEACHER]

#...

access_control:
    - { path: ^/admin, roles: ROLE_TEACHER}

So all of this roles will have access to that path.

edited Oct 18 '13 at 16:47

answered Oct 18 '13 at 15:43

Serge Kvashnin

2

If role1 inherits role2 then it will have access to all it's paths. If you want only 1 common path to be accessible for both roles and each have 5, then this example is not working. – Udan Jan 09 '15 at 09:19
@Udan the [doc](http://symfony.com/doc/current/book/security.html#hierarchical-roles) says about hierarchy, and it works well in most cases when your application has a clean structure. – Serge Kvashnin Jan 09 '15 at 10:04
I didn't say it's wrong, just that it doesn't apply to all cases. The issue was about "having multiple role access to a single path" not to all paths the other role can access. – Udan Jan 09 '15 at 10:08
@Udan you are right about all cases. I think my answer like yours is not for all cases. – Serge Kvashnin Jan 10 '15 at 10:47

2 Answers2