My code is:
security:
    access_control:
        - { path: '^/(%app.locales%)/profile/messages', roles: [ROLE_ADMIN] }
    role_hierarchy:
        ROLE_ADMIN: [ROLE_USER]
The user has the role ROLE_ADMIN, but gets access denied. If I change the code to:
security:
    access_control:
        - { path: '^/(%app.locales%)/profile/messages', roles: [ROLE_USER] }
    role_hierarchy:
        ROLE_ADMIN: [ROLE_USER]
everything is OK and I have access. Where is my error?
The problem was that I changed the role through the database. In order for this to apply, it was necessary to log out and log in.
Related
I am having issues securing a route 'dashboard' to a custom user role. I am using FOSUserBundle and I am aware that users are given ROLE_USER by default - even though this role does appear in the user table.
On user sign-in (this happens via Steam) I add a new custom role:
    $user->setRoles(['ROLE_LOGGED_STEAM_USER']);
My issue flows as such: user hits site - user logs in - redirect to the dashboard route - access denied error.
I have also disabled the security line and dumped out the ROLES, which I can pull from the token user object, to confirm the ROLE exists and matches the rule.
Here is my security ACL:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        steamauth:
            id: steam.user_provider
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            provider: steamauth
            pattern: ^/
            form_login:
                provider: fos_userbundle
                login_path: login
                check_path: login_check
            logout: true
            anonymous: true
            steam:
                default_route: controller.dashboard.home
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/dashboard, role: ROLE_LOGGED_STEAM_USER }
Initially, I wasn't aware that all roles had to begin with ROLE_*.
Here is a screenshot of the user entry with the role attached.
I hope it's something simple I've just overlooked, so any help would be great!
Thanks in advance for any help/suggestions!
Not sure, but I think you have a typo; please try changing role to roles with an "s":
    - { path: ^/dashboard, roles: ROLE_LOGGED_STEAM_USER }
I think you must register your custom role in the "role_hierarchy", so the code will be:
role_hierarchy:
    ROLE_ADMIN: [ROLE_USER, ROLE_LOGGED_STEAM_USER]
    ROLE_SUPER_ADMIN: ROLE_ADMIN
Hope it helps.
I want that the user with the role ROLE_USER_1 or ROLE_USER_2 is getting to ^/(de|en)/secured/account/. But what I don't want that e.g. a user with ROLE_USER_2 can go to ^/(de|en)/secured/account/profile or any other action. User with the role ROLE_USER_2 can only go to ^/(de|en)/secured/account/.
What is wrong with my security.yml?
role_hierarchy:
    ROLE_ADMIN: ROLE_USER
    ROLE_USER_B2B: ROLE_USER_B2B_INACTIVE
access_control:
    - { path: ^/(en|de)/secured/account/$, roles: [ROLE_USER_B2B_INACTIVE, ROLE_USER_B2B] }
    - { path: ^/(en|de)/secured/account/*, roles: ROLE_USER_B2B }
My answer, which is working! I just had to switch the first roles! A little bit stupid. And I uncommented the role hierarchy with ROLE_USER_B2B.
role_hierarchy:
    ROLE_ADMIN: ROLE_USER
access_control:
    - { path: ^/(en|de)/secured/b2b/account/$, roles: [ROLE_USER_B2B, ROLE_USER_B2B_INACTIVE] }
    - { path: ^/(en|de)/secured/b2b/account/*, roles: ROLE_USER_B2B }
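The behaviour behind this post and the first one above (rules are tried in order, the first path regex that matches decides, and any one of its roles, expanded through role_hierarchy, is enough) as an added Python model; this is not Symfony's own code, which does the same in PHP. The patterns and role names are copied from the question; the function names and the dict/list layout are my own.

```python
import re

# Constructed model of Symfony's access_control evaluation (added example, not
# Symfony code). Rules are checked in order; the FIRST rule whose regex matches
# the request path decides, and access is granted when the token holds ANY of
# that rule's roles after role_hierarchy expansion.

# role_hierarchy from the question, as a plain dict
ROLE_HIERARCHY = {
    "ROLE_ADMIN": ["ROLE_USER"],
    "ROLE_USER_B2B": ["ROLE_USER_B2B_INACTIVE"],
}

# access_control from the question, in the order it was written
ACCESS_CONTROL = [
    (r"^/(en|de)/secured/account/$", ["ROLE_USER_B2B_INACTIVE", "ROLE_USER_B2B"]),
    (r"^/(en|de)/secured/account/*", ["ROLE_USER_B2B"]),
]


def reachable_roles(token_roles, hierarchy=ROLE_HIERARCHY):
    """Expand the roles stored on the token transitively through role_hierarchy."""
    reachable, pending = set(), list(token_roles)
    while pending:
        role = pending.pop()
        if role not in reachable:
            reachable.add(role)
            pending.extend(hierarchy.get(role, []))
    return reachable


def first_matching_rule(path, rules=ACCESS_CONTROL):
    """Return the first (pattern, roles) pair whose regex matches the path, or None."""
    for pattern, roles in rules:
        if re.search(pattern, path):  # unanchored search, hence the leading ^ in every rule
            return pattern, roles
    return None


def is_granted(path, token_roles, rules=ACCESS_CONTROL, hierarchy=ROLE_HIERARCHY):
    """True when no rule applies, or the expanded token roles satisfy the matching rule."""
    rule = first_matching_rule(path, rules)
    if rule is None:
        return True  # access_control imposes nothing here; the firewall may still apply
    return bool(reachable_roles(token_roles, hierarchy) & set(rule[1]))


if __name__ == "__main__":
    print(is_granted("/en/secured/account/", ["ROLE_USER_B2B_INACTIVE"]))         # True
    print(is_granted("/en/secured/account/profile", ["ROLE_USER_B2B_INACTIVE"]))  # False
    # With the two rules swapped the broader pattern wins first and locks inactive users out
    print(is_granted("/en/secured/account/", ["ROLE_USER_B2B_INACTIVE"], ACCESS_CONTROL[::-1]))  # False
```

Because only the roles on the token are expanded, a role changed in the database does not take effect until a new token is created, which is why the first post's fix was to log out and back in.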
I have installed FOSUserBundle, I see that it's active and my login page is OK too. The problem comes out when I try to log in as a user. If I insert wrong credentials, nothing happens: I'm redirected to the login page without the usual "bad credentials" message. If I insert the right user information, I'm redirected to the homepage and I'm not logged in; in the Symfony toolbar I'm authenticated as anonymous and I have only an AnonymousToken.
This is my security.yml:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                csrf_provider: form.csrf_provider
            logout: true
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
This is part of my config.yml:
fos_user:
    db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
    firewall_name: main
    user_class: ***\***Bundle\Entity\User
In Symfony log, I can read:
security.INFO: User "sampleuser" has been authenticated successfully [] []
but this is apparently not happening.
I've just found the solution to my problem. The cause was LswMemcacheBundle: I had installed the memcached PHP extension, but I hadn't started memcached on my system. I started it and afterwards all login/logout functionality worked correctly.
I've been using FOSUserBundle for a long time now, but this never happened to me. It seems that the firewall is not working, because I can access any page from my site, when I should only be redirected to the login page when accessing as ANONYMOUS.
So, this is my security file:
security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js|assets)/
            security: false
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:
                invalidate_session: false
            anonymous: true
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }
And this is my config.yml file:
#v1.0
imports:
    - { resource: parameters.yml }
    - { resource: security.yml }
fos_user:
    db_driver: orm
    firewall_name: main
    user_class: My\Bundle\Entity\User
So, from what I see, everything is configured correctly, so it should work as expected. But this is not happening. So the question is: where else should I look for any conflicting configuration file, conflicting entities, etc.? I've been debugging for hours before coming to ask the question here (I did not want to ask a silly question), but I cannot figure out what could be happening.
Any ideas?
Your problem:
The correct ACL attribute is roles, not role.
Working examples:
security:
    # ...
    access_control:
        # ...
        - { path: ^/, roles: ROLE_USER }
        - { path: ^/admin, roles: [ROLE_ADMIN, ROLE_TRANSLATOR] }
Explanation:
Because of the wrong attribute name there are effectively no mandatory roles configured.
That's why - as you have anonymous set to true - access is currently granted without any restrictions.
Please have a look at the documentation chapter Securing specific URL patterns.
I have a Twig extension menu on my page and I need to use the isGranted method to display the menu items according to the user, but the Symfony2 profiler shows me an alert.
The profiler says:
AuthenticationCredentialsNotFoundException: The security context contains no authentication token. One possible reason may be that there is no firewall configured for this URL.
in C:\xampp\htdocs\galvez_motos\app\cache\dev\classes.php line 2395
at SecurityContext->isGranted('ROLE_ADMIN') in C:\xampp\htdocs\galvez_motos\src\GalvezMotos\AlmacenBundle\Twig\MenuExtension.php line 432
How can I use the isGranted method before login?
security.yml:
security:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        secured_area:
            pattern: ^/
            anonymous: ~
            form_login:
                login_path: login
                check_path: login_check
            logout:
                path: /logout
                target: /
                invalidate_session: false
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/, roles: ROLE_USER }
    providers:
        user_db:
            entity: { class: GalvezMotos\AlmacenBundle\Entity\Usuario, property: username }
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    encoders:
        GalvezMotos\AlmacenBundle\Entity\Usuario:
            algorithm: sha1
            iterations: 1
            encode_as_base64: false