Protect admin with roles

Question

I want only users have ADMIN or ENSEIGNANT roles can access to the admin part but still I get Access Denied even when I authenticate as ENSEIGNANT

role_hierarchy:
    ROLE_ADMIN:      [ROLE_ENSEIGNANT]
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

//...........


access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, roles: [ROLE_ADMIN, ROLE_ENSEIGNANT] }

enter image description here

score 1 · Accepted Answer · answered May 17 '15 at 18:28

1

I think you are giving an ENSEIGNANT to user not ROLE_ENSEIGNANT, but your access control is checking against ROLE_ENSEIGNANT, that's why you're getting an Access denied exception. Try to change getRoles method to return ROLE_ENSEIGNANT if there's any..

answered May 17 '15 at 18:28

xurshid29

4,172
1
20
25

Yes ti was because I give it ENSEIGNANT not a ROLE_ENSEIGNANT. thank you very much – hous May 17 '15 at 19:40

Protect admin with roles

1 Answers1