AclVoter denies access to 'LIST' - symfony

As soon as I set sonata_admin.security.handler to sonata.admin.security.handler.acl the only user who has access is the one with ROLE_SUPER_ADMIN.
I think I configured everything right, obviously not.
I tried:
to give the user the real role ROLE_VIP_CONTACT_ADMIN instead of assigning by a fos_group, no success.
all options for security.access_decision_manager.strategy: affirmative, consensus and unanimous
to delete all acl tables, acl:init, sonata:admin:setup-acl, with and without sonata:admin:generate-object-acl and cleared the cache every time.
With no success.
# Acme\MyBundle\Controller\CRUDController.php
$securityContext->getAdminPermissions();
# -> ["CREATE", "LIST", "DELETE", "UNDELETE", "EXPORT", "OPERATOR", "MASTER"]
dump($this->admin->getSecurityInformation());
/* -> array:3 [▼
"GUEST" => array:2 [▼
0 => "VIEW"
1 => "LIST"
]
"STAFF" => array:3 [▼
0 => "EDIT"
1 => "LIST"
2 => "CREATE"
]
"ADMIN" => array:3 [▼
0 => "MASTER"
1 => "OPERATOR"
2 => "EXPORT"
]
] */
dump($this->getUser()->getRoles());
/* -> array:15 [▼
0 => "ROLE_ADMIN"
1 => "ROLE_VIP_CONTACT_GUEST"
2 => "ROLE_VIP_CONTACT_STAFF"
3 => "ROLE_VIP_CONTACT_ADMIN" # <--- I gave him everything!
[...]
9 => "ROLE_ALLOWED_TO_SWITCH"
[...]
16 => "ROLE_USER"
] */
Now I open my browser and go to app_dev.php/my-path-to/vip/contact/list, resulting in an AccessDeniedException.
/edit: It's the same problem as here ACL + SonataAdminBundle + SonataUserBundle.

On Symfony >3.1 you should use this:
services:
    security.acl.permission.map:
        class: Sonata\AdminBundle\Security\Acl\Permission\AdminPermissionMap
instead of
parameters:
    security.acl.permission.map.class: Sonata\AdminBundle\Security\Acl\Permission\AdminPermissionMap

After hours of debugging, the result is to let ACL know about the LIST permission by using Sonata's AdminPermissionMap.
See SonataAdminBundle 5. Security and Documentation » Admin (Ctrl+F: security.acl.permission.map.class)
parameters:
    security.acl.permission.map.class: Sonata\AdminBundle\Security\Acl\Permission\AdminPermissionMap
You might already know this.
To make a long story short: Configuration is not only done by writing some config files, but also to import the right ones.

Related

Token XRPL listing

I am trying to list a token on XRPL, set trust, and receive the following:
"error_message" => "Field 'tx_json.LimitAmount' has invalid data."
"request" => array:5 [▼
"command" => "submit"
"fee_mult_max" => 1000
"offline" => false
"secret" => "<masked>"
"tx_json" => array:6 [▼
"Account" => "rX49UBNi94tCCt2jb7tHVjdYSVwHNhQK2"
"DestinationTag" => 1
"Fee" => "15000"
"Flags" => 262144
"LimitAmount" => array:3 [▼
"currency" => "Xoge"
"issuer" => "rJMtvf5B3GbuFMrqybh5wYVXEH4QE8VyU1"
"value" => "1000000000000000"
]
"TransactionType" => "TrustSet"
]
]
"status" => "error"
using this document: https://xrpl.org/trustset.html
XRP Ledger supports either a three-letter ISO 4217 currency code or a 160-bit (40-character) hexadecimal string as the value of the "currency" field.
In your case (the code above), you are using "Xoge" as the value of the "currency" field inside the "LimitAmount" object. "Xoge" has more than 3 letters, so it throws an error. You can either switch to a 3-letter currency code or convert "Xoge" into a 160-bit (40-character) hexadecimal string.
LimitAmount: {
    currency: '586F676500000000000000000000000000000000',
    issuer: 'rJMtvf5B3GbuFMrqybh5wYVXEH4QE8VyU1',
    value: '1000000000000000'
},
Here 586F676500000000000000000000000000000000 represents Xoge in 160-bit hex.
A couple more things I noticed from your code:
Fee is represented in drops, so you can lower your fee a bit and it'll still work.
You are setting flag 262144, which enables rippling. Usually a TrustLine is set up by regular users with the issuer, so it's always recommended to use flag 131072, which blocks rippling from the user's end of the TrustLine.
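As an added example (not code from the original answer), the following PHP assembles a TrustSet tx_json that applies both points above: the currency name is encoded into the 160-bit hex form when it is not a 3-character code, and the no-ripple flag (131072) is set on the holder's side. Function names are assumptions, and the account addresses are constructed placeholders.

```php
<?php
// Added example (not code from the original answer): build a TrustSet
// tx_json whose "currency" field satisfies the rule described above.
// Function names are assumptions; the addresses are constructed placeholders.

const TF_SET_NO_RIPPLE   = 0x00020000; // 131072: block rippling (recommended for holders)
const TF_CLEAR_NO_RIPPLE = 0x00040000; // 262144: enables rippling (the value in the question)

/**
 * Return a "currency" value the ledger accepts: a 3-character code passes
 * through unchanged; a 40-hex string is normalised to upper case; any other
 * name (e.g. "Xoge") is encoded as its ASCII bytes right-padded with zeros
 * to 160 bits, which is the form shown in the answer above.
 */
function xrplCurrencyCode(string $code): string
{
    if ($code === 'XRP') {
        throw new InvalidArgumentException('XRP is the native asset, not an issued currency');
    }
    if (preg_match('/^[A-Za-z0-9]{3}$/', $code) === 1) {
        return $code;                                    // e.g. USD, EUR
    }
    if (preg_match('/^[0-9A-Fa-f]{40}$/', $code) === 1) {
        return strtoupper($code);                        // already 160-bit hex
    }
    if ($code === '' || strlen($code) > 20) {
        throw new InvalidArgumentException('currency name must be 1..20 bytes');
    }
    return strtoupper(str_pad(bin2hex($code), 40, '0')); // "Xoge" -> 586F6765 followed by 32 zeros
}

/** Assemble the TrustSet tx_json with no-ripple set on the holder's side. */
function trustSetTxJson(string $account, string $issuer, string $currency, string $value): array
{
    return [
        'TransactionType' => 'TrustSet',
        'Account'         => $account,
        'Flags'           => TF_SET_NO_RIPPLE,
        'LimitAmount'     => [
            'currency' => xrplCurrencyCode($currency),
            'issuer'   => $issuer,
            'value'    => $value,
        ],
        // Fee (in drops) and Sequence are left to the server's autofill.
    ];
}

// Constructed placeholders, not real ledger accounts.
$tx = trustSetTxJson('rHOLDER_PLACEHOLDER', 'rISSUER_PLACEHOLDER', 'Xoge', '1000000000000000');
echo json_encode($tx, JSON_PRETTY_PRINT), PHP_EOL;
```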

Is there a way to get allowed roles for a given URL?

I have some rules in security.yml that basically tell Symfony which roles should be allowed to access some route/URL.
Is there a way to determine in the code for a given request which roles are allowed?
I am intending to use this in an event listener.
You can use AccessMap through Symfony\Component\Security\Http\AccessMapInterface.
AccessMap contains the mapping of your access_control configuration.
You can auto wire the service easily in your listener:
private AccessMapInterface $accessMap;

public function __construct(AccessMapInterface $accessMap)
{
    $this->accessMap = $accessMap;
}
Don't forget to register the service:
# services.yaml
services:
    # ...
    Symfony\Component\Security\Http\AccessMapInterface: '@security.access_map'
Then you can use AccessMap to match your request using the method $this->accessMap->getPatterns($request) and access each configuration.
Example from one of my projects:
Symfony\Component\Security\Http\AccessMap {#8567 ▼
-map: array:7 [▼
0 => array:3 [▼
0 => Symfony\Component\HttpFoundation\RequestMatcher {#8547 ▼
-path: "^/login"
-host: null
-port: null
-methods: []
-ips: []
-attributes: []
-schemes: []
}
1 => array:1 [▼
0 => "PUBLIC_ACCESS"
]
2 => null
]
1 => array:3 [▶]
2 => array:3 [▶]
3 => array:3 [▶]
4 => array:3 [▶]
5 => array:3 [▶]
6 => array:3 [▶]
]
}
Let's try to see what role is required in my login page:
//$request is from my login page
dump($this->accessMap->getPatterns($request));
array:2 [▼
0 => array:1 [▼
0 => "PUBLIC_ACCESS"
]
1 => null
]
So it should be easy to match your request in your listener, and use the result of getPatterns which contains the required roles for your request.
If you want to access a specific route configuration that is not your current request, you could do something like:
$this->accessMap->getPatterns(Request::create('/login', 'GET'));
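As an added example (not code from the original answer), here is a request subscriber built on the autowired AccessMapInterface described above. It resolves the access_control attributes for the current request and logs them, and warns when no rule matches at all, since an unmatched path carries no role requirement from access_control, which is the kind of gap worth auditing. The class name, the logger and Symfony 5.3+/PHP 8 are assumptions.

```php
<?php
// Added example (not from the original answer): log which access_control
// roles apply to each main request using Symfony's AccessMap.
// Class name, logger usage and Symfony 5.3+/PHP 8 are assumptions.
namespace App\EventSubscriber;

use Psr\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Http\AccessMapInterface;

final class RequiredRolesSubscriber implements EventSubscriberInterface
{
    public function __construct(
        private AccessMapInterface $accessMap,
        private LoggerInterface $logger,
    ) {
    }

    public static function getSubscribedEvents(): array
    {
        // Priority 7: just after the firewall listener (priority 8), so the
        // security token already exists when this runs.
        return [KernelEvents::REQUEST => ['onKernelRequest', 7]];
    }

    public function onKernelRequest(RequestEvent $event): void
    {
        if (!$event->isMainRequest()) {
            return;
        }
        $request = $event->getRequest();

        // getPatterns() returns [attributes, channel]: the roles/attributes of
        // the first matching access_control rule (or null if none matches)
        // and the required channel (http/https or null).
        [$attributes, $channel] = $this->accessMap->getPatterns($request);

        if ($attributes === null) {
            // No access_control rule covers this path; only voters/annotations
            // in the controller can still restrict it. Flag it for review.
            $this->logger->warning('No access_control rule matches request', [
                'path' => $request->getPathInfo(),
            ]);
            return;
        }

        $this->logger->info('access_control match', [
            'path'    => $request->getPathInfo(),
            'roles'   => $attributes,
            'channel' => $channel,
        ]);
    }
}
```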

iOS VoIP push notifications and Firebase

I'm trying to send VoIP push notifications through the Firebase. I uploaded a *.p8 file to my project in the Firebase Console and now have an APNs Auth Key displayed there.
My alarm push notifications are delivered without any problems:
'apns' => [
    'headers' => [
        'apns-push-type' => 'alarm',
    ],
    ...
But when I try to change the type to voip I get an error:
'apns' => [
    'headers' => [
        'apns-push-type' => 'voip',
        'apns-topic' => 'com.mycompany.myapp.voip'
    ],
    ...
Firebase response:
#errors: array:1 [
  "error" => array:4 [
    "code" => 400
    "message" => "Request contains an invalid argument."
    "status" => "INVALID_ARGUMENT"
    "details" => array:2 [
      0 => array:2 [
        "@type" => "type.googleapis.com/google.firebase.fcm.v1.FcmError"
        "errorCode" => "INVALID_ARGUMENT"
      ]
      1 => array:2 [
        "@type" => "type.googleapis.com/google.rpc.BadRequest"
        "fieldViolations" => array:1 [
          0 => array:2 [
            "field" => "message.token"
            "description" => "Invalid registration token"
          ]
        ]
      ]
    ]
  ]
]
Any ideas? Am I missing something important?
The situation as of 16/03/2020: No, Firebase Cloud Messaging doesn't support APNS VoIP push notifications, but it's planned.
The official Firebase support answer:
Currently, VoIP push is not supported by FCM. However, we're aware that a lot of developers like you want this, so there's already a feature request filed for this. As of now, we are yet to find out any details or timelines as to when it will be implemented. You can check our release notes from time to time for any updates about Firebase features and its services.

Accessing nested parameters in Symfony ParameterBag

Have a request that looks like this
ParameterBag {#362 ▼
#parameters: array:1 [▼
"form" => array:5 [▼
"titre" => "new b"
"prix" => "4444"
"slug" => "with-different-slug"
"publier" => "unpub"
"Modifier" => ""
]
]
}
How can I use
$post = Request::createFromGlobals();
$post->request->has()
on those nested properties?
ParameterBag's has function does not support a deep check. It is just an array_key_exists call.
You could use get with the $deep parameter set to true.
E.g.:
$post = Request::createFromGlobals();
$post->request->get('form[titre]', null, true);
It will return null (the second parameter), if the value does not exist.
EDIT:
This feature, however, is deprecated in 2.8.
Using paths to find deeper items in get is deprecated since version 2.8 and will be removed in 3.0. Filter the returned value in your own code instead.
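Since the deep-path lookup is gone, the following added example (not code from the original answer) reimplements the "form[titre]" path syntax on top of ParameterBag's public API so nested keys can still be checked without touching the deprecated $deep argument. Function names are assumptions; the sample bag is constructed to mirror the dump in the question.

```php
<?php
// Added example (not from the original answer): a replacement for the
// removed deep-path lookup on ParameterBag. Function names are assumptions.
use Symfony\Component\HttpFoundation\ParameterBag;

/** Split "form[titre][x]" into ['form', 'titre', 'x']; rejects malformed paths. */
function parameterPath(string $path): array
{
    if (!preg_match('/^([^\[\]]+)((?:\[[^\[\]]+\])*)$/', $path, $m)) {
        throw new InvalidArgumentException("Malformed parameter path: $path");
    }
    preg_match_all('/\[([^\[\]]+)\]/', $m[2], $parts);
    return array_merge([$m[1]], $parts[1]);
}

/** Walk the nested arrays; returns [found, value] so a null value is not mistaken for "missing". */
function bagGetDeep(ParameterBag $bag, string $path): array
{
    $keys = parameterPath($path);
    $root = array_shift($keys);
    if (!$bag->has($root)) {
        return [false, null];
    }
    $value = $bag->get($root);
    foreach ($keys as $key) {
        if (!is_array($value) || !array_key_exists($key, $value)) {
            return [false, null];
        }
        $value = $value[$key];
    }
    return [true, $value];
}

function bagHasDeep(ParameterBag $bag, string $path): bool
{
    return bagGetDeep($bag, $path)[0];
}

// Constructed sample mirroring the dump in the question.
$bag = new ParameterBag(['form' => ['titre' => 'new b', 'prix' => '4444', 'Modifier' => '']]);
var_dump(bagHasDeep($bag, 'form[titre]'));
var_dump(bagHasDeep($bag, 'form[slug]'));
var_dump(bagGetDeep($bag, 'form[Modifier]'));
```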

isGranted returns FALSE with User extending FOSUserBundle

For the simplicity of the problem I am not using role_hierarchy on my security.yml.
I have a logged user. If I do this on my controller:
dump($this->get('security.token_storage')->getToken()->getUser()->getRoles());
This is what I get:
array:3 [▼
0 => "ROLE_SUPER_ADMIN"
1 => "ROLE_ADMIN"
2 => "ROLE_USER"
]
But then if I ask for isGranted, I just get true on 'ROLE_USER', and false with all the rest:
dump($this->get('security.authorization_checker')->isGranted('ROLE_USER'));
dump($this->get('security.authorization_checker')->isGranted('ROLE_ADMIN'));
dump($this->get('security.authorization_checker')->isGranted('ROLE_SUPER_ADMIN'));
gives me:
true
false
false
I am using FOSUserBundle and my user extends their BaseUser (which in turn implements UserInterface), and I am not touching any method of it in my User entity.
Can you spot the problem? Is it that I cannot use the security checker with FOSUserBundle?
UPDATE:
If I dump($this->getUser()) this is what I get:
Usuario {#2290 ▼
#id: 3
#username: "u1"
#usernameCanonical: "u1"
#email: "u1"
#emailCanonical: "u1"
#enabled: true
#salt: "8wqvgv5t24g0ssck44gw4008c04g8sg"
#password: "zfDmozi78wrglXx3SUaCiz7490o4ZzKYEukcbdlCQ5FAWpA4jgLFQT6BXNbo3tzTyhdPDOCC/h4ZDs32SKlGEw=="
#plainPassword: null
#lastLogin: DateTime {#2288 ▶}
#confirmationToken: null
#passwordRequestedAt: null
#groups: null
#locked: false
#expired: false
#expiresAt: null
#roles: array:2 [▼
0 => "ROLE_SUPER_ADMIN"
1 => "ROLE_ADMIN"
]
#credentialsExpired: false
#credentialsExpireAt: null
}
As you can see, FOSUserBundle just adds 'ROLE_USER' in the getRoles() method since it is not present in the actual array of roles.
Logging out and back in again will resolve the issue.