0

I work with with Symfony 2.7 and FOSUserBundle 2.0

What i want is to allow access to /admin to ROLE_ADMIN user but to deny him other paths.

# app/security.yml

access_control:
    - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: ROLE_USER }
    - { path: ^/admin, roles: ROLE_SUPER_ADMIN }

role_hierarchy:
    ROLE_USER:       ROLE_USER
    ROLE_ADMIN:      ROLE_ADMIN

I thought about php app/console fos:user:demote admin ROLE_USER but ROLE_USER is the default role of FOSUser, so every times the admin connects, ROLE_USER comes back in addition to ROLE_ADMIN.

How can do this ?

yivi
  • 42,438
  • 18
  • 116
  • 138
Leogout
  • 1,187
  • 1
  • 13
  • 32

1 Answers1

1

In that case, ROLE_ADMIN as no access to ROLE_MANAGER

access_control:
    - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/roles: ROLE_MANAGER }
    - { path: ^/admin, roles: ROLE_ADMIN }

role_hierarchy:
    ROLE_USER:       
        - ROLE_USER
    ROLE_MANAGER:    
        - ROLE_USER
    ROLE_ADMIN:     
        - ROLE_ADMIN
sdespont
  • 13,915
  • 9
  • 56
  • 97