
I'm following the Symfony docs and using the following Twig helper function to determine if a user is switching roles for impersonation. The problem is, it always returns true for ROLE_ADMIN.

{% if is_granted('ROLE_PREVIOUS_ADMIN') %}
    <a href="{{ path('homepage', {'_switch_user': '_exit'}) }}">Exit impersonation</a>
{% endif %}

Oddly enough, when I inspect the security token via the debug toolbar for admins, I see the following roles:

[ROLE_ADMIN, ROLE_SHAWMUT, ROLE_USER]

And the following inherited:

[ROLE_USER, ROLE_ALLOWED_TO_SWITCH]

So why does is_granted('ROLE_PREVIOUS_ADMIN') return true if the above are the roles available to this security token?

=====

This is what I have to do to get this to work, which involves using the deprecated app.security.token variable:

{% if is_granted('ROLE_PREVIOUS_ADMIN') %}
    {% for role in app.security.token.roles %}
        {% if role.role == 'ROLE_PREVIOUS_ADMIN' %}
            <span class="imp-designation">{impersonating}</span>
        {% endif %}
    {% endfor %}
{% endif %}

=====

Here is my security.yml file: http://pastebin.com/f04ZG4K8

Dominick
  • ROLE_PREVIOUS_ADMIN should not be set when you are not impersonating... can you post your security.yml file? – Miro Apr 19 '16 at 20:51
  • I've added it to the question – Dominick Apr 20 '16 at 19:30
  • instead of line "switch_user: {role: ROLE_ALLOWED_TO_SWITCH, parameter: _switch_user}" try line "switch_user: {role: ROLE_ADMIN, parameter: _switch_user}" – Miro Apr 20 '16 at 21:42
  • Gave that a shot and saw the same behavior. It seems to work but as soon as you impersonate a user and exit, the ROLE_PREVIOUS_ADMIN role remains granted which shouldn't happen. Any other ideas? – Dominick Apr 26 '16 at 14:31
  • I have no idea why the ROLE_PREVIOUS_ADMIN role is also granted when the user is not in an impersonation session, but you can do a check like this: {% if is_granted('ROLE_PREVIOUS_ADMIN') and is_granted('ROLE_ALLOWED_TO_SWITCH') == false %} – tomcyr Aug 21 '17 at 12:47
  • The app.security variable has been deprecated and removed. I have also tried "app.token_storage.token.roles", but this is not working for me. I have to check the same condition: {% if role.role == 'ROLE_PREVIOUS_ADMIN' %} {{ role.source.user.username }} {% endif %}. Please help me: how do I check "ROLE_PREVIOUS_ADMIN"? – mobizen Sep 20 '17 at 10:29
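The loop over app.security.token.roles in the question works because the switch_user listener represents the impersonator as a SwitchUserRole object on the token, not merely as a role name. The following Twig extension, added here as an example (it is not from the question or the Symfony docs), checks for that object directly through the token storage service and so does not depend on is_granted() or on how ROLE_PREVIOUS_ADMIN appears in the role hierarchy; it assumes Symfony 2.8/3.x with Twig 1.26 or later, and the class name is hypothetical.

```php
<?php
// Added example, not from the question or the Symfony docs. Assumes Symfony 2.8/3.x
// and Twig >= 1.26; the class name is hypothetical.
namespace AppBundle\Twig;

use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Role\SwitchUserRole;

class ImpersonationExtension extends \Twig_Extension
{
    private $tokenStorage;

    public function __construct(TokenStorageInterface $tokenStorage)
    {
        $this->tokenStorage = $tokenStorage;
    }

    public function getFunctions()
    {
        return array(
            new \Twig_SimpleFunction('is_impersonating', array($this, 'isImpersonating')),
            new \Twig_SimpleFunction('impersonator_username', array($this, 'impersonatorUsername')),
        );
    }

    // The switch_user listener adds a SwitchUserRole object to the token only while
    // impersonating, so match on the class instead of the role name string.
    private function switchUserRole()
    {
        $token = $this->tokenStorage->getToken();
        foreach (null === $token ? array() : $token->getRoles() as $role) {
            if ($role instanceof SwitchUserRole) {
                return $role;
            }
        }
        return null;
    }

    public function isImpersonating()
    {
        return null !== $this->switchUserRole();
    }

    // Username of the user who switched, read from the role's source token.
    public function impersonatorUsername()
    {
        $role = $this->switchUserRole();
        return null === $role ? null : $role->getSource()->getUsername();
    }
}
```

Register the class as a service tagged twig.extension (with @security.token_storage as its argument) and write {% if is_impersonating() %} in templates in place of the ROLE_PREVIOUS_ADMIN check. Later Symfony releases provide a SwitchUserToken class and an IS_IMPERSONATOR attribute for is_granted() that serve the same purpose.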

0 Answers