
Below is my security.yml file, in which 2 methods work perfectly as unsecured methods. But api_slots doesn't work as an unsecured method. I don't know how I need to define the method object name in security.yml: the method name is getSlotsAction and I created its object as api_slots, because for the unsecureListAction method api_doctors-list is used and works perfectly as desired.

security:
    encoders:
        AppBundle\Entity\BaseUser:
            algorithm: bcrypt
            cost: 12

    role_hierarchy:
        ROLE_USER: ROLE_USER
        ROLE_ADMIN: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]

    providers:
        admin:
            entity:
                class: AppBundle:AdminUser
                property: email
        api:
            entity:
                class: AppBundle:BaseUser
                property: authToken

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        api_slots:
            pattern: ^/api/slots$
            methods: [GET]
            security: false
            anonymous: true

        api_new_register:
            pattern: ^/api/users$
            methods: [POST]
            security: false
            anonymous: true

        api_doctors_list:
            pattern: ^/api/doctors$
            methods: [GET]
            security: false
            anonymous: true

        api_area:
            pattern: ^/api
            provider: api
            user_checker: psyma.security.app_user.checker
            guard:
                authenticator: psyma.security.token_authenticator
            stateless: true
            anonymous: false

            logout:
                path: admin_logout

        main:
            pattern: ^/
            anonymous: ~

    access_control:
        - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: "%requires_channel%" }
        - { path: ^/admin, roles: ROLE_ADMIN, requires_channel: "%requires_channel%" }
        - { path: ^/api, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: "%requires_channel%" }
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: "%requires_channel%" }

Here are the method names for the above 3 unsecured method objects:

For api_doctors_list

/**
 * @Route("")
 * @Method("GET")
 */
public function unsecureListAction() 

For api_new_register

/**
 * @param Request $request
 *
 * @return JsonResponse
 * @Route("/users")
 * @Method("POST")
 */
public function patientRegistrationAction(Request $request)

and for api_slots

/**
 * Class SlotController.
 *
 * @Route("/slots")
 */
class SlotController extends JsonController
{
    /**
     * @Route("")
     * @Method("GET")
     *
     * @param Request $request
     *
     * @return JsonResponse
     */
    //@Security("has_role('ROLE_DOCTORUSER') or has_role('ROLE_PATIENTUSER') ")

    public function getSlotsAction(Request $request)
Marc-André
  • Symfony version? Pretty sure you are not using 1.4. Maybe 2.8? Does console debug:router show the expected routes? It is a bit unusual to have so many firewalls defined. Typically you would use access control for this sort of stuff. And when you say api_slots does not work then what does that mean? Route not found? – Cerad Dec 19 '18 at 13:46
  • The api_slots object doesn't give direct access to the getSlotsAction method; it still requires api_key. That is what I mean by api_slots doesn't work. Also, I didn't build it from scratch. – Faraz Tariq Dec 20 '18 at 05:36

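Symfony tries the firewalls in the order they are listed and uses the first one whose pattern and methods match the request, so any request that misses an exact `security: false` entry falls through to the token-protected `api_area`. The following added example (not part of the original question and not Symfony's own code) replays that selection with the patterns from the security.yml above, so the result can be compared with the path that `debug:router` reports for `getSlotsAction`. `first_matching_firewall()` is a hypothetical helper and the sample requests are constructed.

```php
<?php
// Added example: firewall names, patterns and methods are copied from the
// security.yml in the question. An empty 'methods' list means "any method".
const FIREWALLS = [
    'dev'              => ['pattern' => '^/(_(profiler|wdt)|css|images|js)/', 'methods' => []],
    'api_slots'        => ['pattern' => '^/api/slots$',   'methods' => ['GET']],
    'api_new_register' => ['pattern' => '^/api/users$',   'methods' => ['POST']],
    'api_doctors_list' => ['pattern' => '^/api/doctors$', 'methods' => ['GET']],
    'api_area'         => ['pattern' => '^/api',          'methods' => []],
    'main'             => ['pattern' => '^/',             'methods' => []],
];

/**
 * Hypothetical helper: return the name of the first firewall that matches.
 * $pathInfo is the request path without front controller and query string.
 */
function first_matching_firewall(string $method, string $pathInfo): ?string
{
    foreach (FIREWALLS as $name => $fw) {
        // Method restriction: skip the firewall if the verb is not listed.
        if ($fw['methods'] && !in_array(strtoupper($method), $fw['methods'], true)) {
            continue;
        }
        // The pattern is a regular expression applied to the decoded path.
        if (preg_match('{' . $fw['pattern'] . '}', rawurldecode($pathInfo))) {
            return $name;
        }
    }
    return null;
}

// Constructed sample requests: exact match, trailing slash, sub-path, other verb.
$samples = [
    ['GET',  '/api/slots'],
    ['GET',  '/api/slots/'],
    ['GET',  '/api/slots/12'],
    ['POST', '/api/slots'],
    ['GET',  '/api/doctors'],
    ['POST', '/api/users'],
];

foreach ($samples as [$method, $path]) {
    $firewall = first_matching_firewall($method, $path) ?? '(none)';
    printf("%-4s %-14s -> %s\n", $method, $path, $firewall);
}
```

Only a GET to exactly `/api/slots` selects the unsecured `api_slots` firewall; a trailing slash, a sub-path or a different HTTP method is handled by `api_area` and its guard authenticator.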