After installing Symfony2 cmf, when I tried to view the admin / dashboard I have the following error:
The function "is_granted" does not exist in SonataAdminBundle :: standard_layout.html.twig at line 95
I struggled with that quite a lot of time, too. Here's how to fix it:
Add the SecurityBundle to app/AppKernel.php
public function registerBundles()
{
$bundles = array(
// ...
// support for the admin
new Symfony\Bundle\SecurityBundle\SecurityBundle(),
);
// ...
}
Create a security.yml in your app/config folder, e.g. with this demo content:
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
in_memory:
memory:
users:
user: { password: userpass, roles: [ 'ROLE_USER' ] }
admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
anonymous: ~
http_basic:
realm: "Secured Demo Area"
access_control:
#- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
#- { path: ^/_internal/secure, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }
and load it it your app/config/config.yml:
imports:
- { resource: security.yml }
That worked for me.
Just as a feedback to whoever else might face this issue :
acme's solution works. Apparently, users MUST be provided as described in
http://symfony.com/doc/master/cmf/tutorials/creating-cms-using-cmf-and-sonata.html
Related
I installed the Aimeos 2016 bundle on Symfony 3.1.2. The /list route works but when I go to /admin and try to log in, I get an error:
Unable to find the controller for path "/admin_check". The route is wrongly configured.
I did not do anything else to the code.
Any help would be appreciated!
Did you've set up Symfony authentication exactly like in the example?
security:
providers:
admin:
memory:
users:
admin: { password: secret, roles: [ 'ROLE_ADMIN' ] }
aimeos_customer:
entity: { class: AimeosShopBundle:User, property: username }
in_memory:
memory: ~
encoders:
Symfony\Component\Security\Core\User\User: plaintext
Aimeos\ShopBundle\Entity\User:
algorithm: sha1
encode_as_base64: false
iterations: 1
firewalls:
aimeos_admin:
pattern: ^/(admin|extadm|jqadm|jsonadm)
anonymous: ~
provider: admin
form_login:
login_path: /admin
check_path: /admin_check
aimeos_myaccount:
pattern: ^/myaccount
provider: aimeos_customer
http_basic:
realm: "MyAccount"
main:
anonymous: ~
access_control:
- { path: ^/(extadm|jqadm|jsonadm), roles: ROLE_ADMIN }
- { path: ^/myaccount, roles: ROLE_USER }
The Symfony security framework is quite picky about the configuration an even minor changes will break it
I encountered a strange issue. I have the following security.yml:
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_USER:
ROLE_EDITOR: [ROLE_USER]
ROLE_ADMIN: [ROLE_USER, ROLE_EDITOR]
providers:
in_memory:
memory:
users:
admin: { password: 123456, roles: [ 'ROLE_ADMIN' ] }
editor: { password: 123456, roles: [ 'ROLE_EDITOR' ] }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
backend:
pattern: ^/backend
anonymous: ~
provider: in_memory
form_login:
login_path: backend_login
check_path: backend_login_check
access_control:
- { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY, host: example\.com$ }
- { path: ^/backend_login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/backend, roles: ROLE_ADMIN }
- { path: ^/user/fetch, roles: ROLE_USER }
- { path: ^/level, roles: ROLE_USER }
- { path: ^/gallery, roles: ROLE_USER }
I have an window development machine with XAMPP running and everything works out properly. I can log in to the backend and if I'm not logged in and try to open a backend route, I'm redirected to the login page.
This is my routing portion:
backend_login:
pattern: /backend_login
defaults: { _controller: FooBackendBundle:Security:login }
backend_login_check:
pattern: /backend/login_check
But when I'm uploading it to my integration linux server, I can open the backend without having to log in. It seems like Symfony does not care about the role the current user has.
The code and the symfony version are both the exact same (Symfony 2.3).
If I remove the anonymous: ~ part from the backend firewall, it will redirect to the login page, but also creates an inifite redirection loop.
Does anybody have an idea how to solve this?
From the Symfony documentation:
For each incoming request, Symfony checks each access_control entry to find one that matches the current request. As soon as it finds a matching access_control entry, it stops - only the first matching access_control is used to enforce access.
When you set access_control in your security config, you want to put your least-restrictive matches last. In your case you will always match on the first pattern since all routes match on ^/ and therefore do not require any authentication. Change your access_control to this:
access_control:
- { path: ^/backend_login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/backend, roles: ROLE_ADMIN }
- { path: ^/user/fetch, roles: ROLE_USER }
- { path: ^/level, roles: ROLE_USER }
- { path: ^/gallery, roles: ROLE_USER }
- { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
I removed the host parameter as it didn't seem relevant.
I'm trying to use FOS UserBundle to manage users on my project.
Here is my security.yml file :
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: ROLE_ADMIN
providers:
in_memory:
memory:
users:
user: { password: userpass, roles: [ 'ROLE_USER' ] }
admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout: true
anonymous: true
access_control:
#- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
I have manually set my user's rights in my controller like below :
public function testGroupsAction( UserInterface $user )
{
$user->addRole("ROLE_ADMIN");
$this->getDoctrine()->getManager()->persist($user);
$this->getDoctrine()->getManager()->flush();
echo "<pre>";
\Doctrine\Common\Util\Debug::dump($user->getRoles());
echo "</pre>";die;
}
the $user->getRoles() function returns me an array with all my user's roles :
array (size=3)
0 => string 'ROLE_SUPER_ADMIN' (length=16)
1 => string 'ROLE_ADMIN' (length=10)
2 => string 'ROLE_USER' (length=9)
(ROLE_SUPER_ADMIN has been added during my tests)
However when i try to reach a route like "/admin/my/route"n i've got a 403 access forbidden.
Any idea why Symfony doesn't want my user to access admin pages?
Edit :
When i look in the profiler, the user only has [ROLE_USER]...
Thank you.
I finally got it working.
Thanks to Zizoujab, I tried FOSUserBundle's commands to promote a user :
> php app/console fos:user:promote myUser
It worked perfectly well. However, as I have no ssh access nor any other command line tool on my server, i needed to do it via PHP code.
So i went to the Command code FOS\UserBundle\Command\PromoteUserCommand which uses the FOS\UserBundle\Util\UserManipulator to do actions on the user.
So if you want to modify your User directly in your controller, you can use it, but I don't know if it is the best way to do it. Just call it via your container like this :
/**
* #Route("/user/{id}", name="test_user")
* #ParamConverter("user" , class="MyBundle:User")
*/
public function testUserAction( UserInterface $user )
{
$userManipulator = $this->container->get("fos_user.util.user_manipulator");
$userManipulator->addRole($user,'ROLE_ADMIN');
return new Response();
}
Hope it helps.
Unable to find the login_check in symfony2.0 (I know it should be symfony2.4 because it is decrypted, but my customer wants 2.0).
What is wrong that symfony cannot finde the login_check-path?
My routing.yml:
backend_account_login:
pattern: /{_locale}/secured/login
defaults: { _controller: BackendAccountBundle:Secured:login }
requirements:
_locale: en|de
security_check:
pattern: /{_locale}/secured/login_check
requirements:
_locale: en|de
logout:
pattern: /de/secured/logout
defaults: { _controller: BackendAccountBundle:Secured:logout }
My security.yml:
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
#Use of an encoder Backend\AccoundBundle\Services
Backend\AccountBundle\Entity\User:
id: sha256salted_encoder
role_hierarchy:
ROLE_ADMIN: ROLE_AHA_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
#two providers are given. the aha users from the db and the admin.
#admin still have an unsecured password
providers:
chain_provider:
providers: [in_memory, user_db]
in_memory:
users:
admin: { password: 2, roles: ROLE_ADMIN }
#for aha-users there is a custom table. the login procedure is getting the data from the entity
user_db:
entity: { class: Backend\AccountBundle\Entity\User, property: email }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/(en|de)/secured/login
#security: false
anonymous: ~
secured_area:
pattern: ^/(en|de)/secured/
anonymous: ~
http_basic:
realm: "Secured Area"
form_login:
check_path: security_check
login_path: backend_account_login
use_referer: false
default_target_path: backend_secured_account_index
#target_path_parameter: frontend_account_my_account
logout:
path: /de/secured/logout
target: /de/
#default_target_path: frontend_account_login
#anonymous: ~
#the access of user e.g. admin and aha users are given below
access_control:
- { path: ^/*, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/(en|de)/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/(en|de)/*, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/(en|de)/secured/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/(en|de)/secured/, roles: [ROLE_AHA_USER, ROLE_ADMIN] }
- { path: ^/(en|de)/secured/account/admin/register/, roles: ROLE_ADMIN }
As suggested by 2.0.25 Symfony Dependency Injection and the doc reference (found below) you should define your check_path as an absolute url and not a route name. (e.g.: /en/secured/login_check)
Security reference for 2.0 (deprecated):
http://symfony.com/doc/2.0/reference/configuration/security.html#the-login-form-and-process
Current:
http://symfony.com/doc/current/reference/configuration/security.html#the-login-form-and-process
(This latter states that you may use route name. )
Im getting this error:
FileLoaderLoadException: Cannot import resource
"app/config/security.yml" from "/app/config/config.yml".
The file security.yml is on the right path. This is my security.yml file:
jms_sapp/confiapp/config/security.yml
secure_all_services: false
exprapp/confiapp/config/security.yml
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
in_memory:
memory:
users:
user: { password: userpass, roles: [ 'ROLE_USER' ] }
admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/demo/secured/login$
security: false
secured_area:
pattern: ^/demo/secured/
form_login:
check_path: /demo/secured/login_check
login_path: /demo/secured/login
logout:
path: /demo/secured/logout
target: /demo/
#anonymous: ~
#http_basic:
# realm: "Secured Demo Area"
access_control:
#- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
#- { path: ^/_internal/secure, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: 127.0.0.1 }
These three first lines, as #Sgoettschkes pointed out, are obviously problematic here. They do not conform to the YAML syntax standards. I second the question: what were you trying to achieve with them? Try to remove them and I'm 100% percent sure this error will disappear.
I heavily recommend that you use a good IDE which will highlight the YAML code for you, in case you don't use an IDE already (personally I use NetBeans and it handles YAML files pretty well). Syntax errors like this are very common and easy to spot, then.