I have installed FOSUserBundle correctly,
but I have 2 questions:
how do I log in as an admin?
And I do not understand how to set a user to admin.
Thanks
Security in Symfony2 is mainly based on user roles, so if the user has admin roles as defined in your security configuration, you should have an 'admin' user. Maybe you should look into the docs.
http://symfony.com/doc/current/book/security.html#roles
In case you are using SonataAdminBundle check http://sonata-project.org/bundles/admin/master/doc/reference/security.html
I have my roles defined as follows:
security:
    role_hierarchy:
        ROLE_PROFESSIONAL_SERVICES_MANAGER: [ROLE_USER, ROLE_SONATA_ADMIN, ROLE_BRANCH_ASSISTANT]
When I try to check for permissions in my controller as below:
if($securityContext->isGranted('ROLE_PROFESSIONAL_SERVICES_MANAGER'))
This returns false because, in the profiler, the permissions appear to have been saved as shown below:
"ROLE_PROFESSIONAL_SERVICES_MANAGER: ROLE_USER, ROLE_SONATA_ADMIN, ROLE_BRANCH_ASSISTANT"
Anyone know how I can resolve this?
Roles are for users not the app.
With your code you are defining that a user with role ROLE_PROFESSIONAL_SERVICES_MANAGER will have the roles ROLE_USER, ROLE_SONATA_ADMIN and ROLE_BRANCH_ASSISTANT.
But now you need to assign that role to a user and sign that user in.
When you call $securityContext->isGranted(), what it does is get the token from your currently logged-in user (which you can see in the profiler) and check the roles of that user from the token.
So you need to have a user with the proper role assigned signed in.
If you're already using SonataUserBundle or FOSUserBundle, use that command to create a user easily: bin/console fos:user:create
Then assign it the proper roles:
app/console fos:user:promote nameOfYourUser ROLE_PROFESSIONAL_SERVICES_MANAGER
If your app has no user management system have a look here: https://sonata-project.org/bundles/admin/master/doc/reference/security.html#user-management
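The direction of the hierarchy described in this answer, as an added example that is not part of the original answer and not Symfony's own code: a simplified pure-PHP model of how assigned roles are expanded before a check. The function names `reachableRoles` and `isGrantedModel` are hypothetical.

```php
<?php
// Simplified model of role_hierarchy resolution (illustrative, not Symfony's code).
// The hierarchy only says what a role *implies*; it assigns nothing to any user.
$hierarchy = array(
    'ROLE_PROFESSIONAL_SERVICES_MANAGER' => array(
        'ROLE_USER', 'ROLE_SONATA_ADMIN', 'ROLE_BRANCH_ASSISTANT',
    ),
);

// Expand the roles stored on the user into every role they imply (transitively).
function reachableRoles(array $assigned, array $hierarchy)
{
    $reachable = array();
    $queue = $assigned;
    while (!empty($queue)) {
        $role = array_shift($queue);
        if (isset($reachable[$role])) {
            continue; // already expanded; also guards against cycles
        }
        $reachable[$role] = true;
        if (isset($hierarchy[$role])) {
            foreach ($hierarchy[$role] as $implied) {
                $queue[] = $implied;
            }
        }
    }
    return array_keys($reachable);
}

// A check succeeds only if the requested role is reachable from the assigned ones.
function isGrantedModel($role, array $assigned, array $hierarchy)
{
    return in_array($role, reachableRoles($assigned, $hierarchy), true);
}

// User who was never promoted: holds ROLE_USER only, so the manager check fails.
var_dump(isGrantedModel('ROLE_PROFESSIONAL_SERVICES_MANAGER', array('ROLE_USER'), $hierarchy));

// User promoted to the manager role: the three implied roles are granted as well.
$promoted = array('ROLE_PROFESSIONAL_SERVICES_MANAGER');
var_dump(isGrantedModel('ROLE_PROFESSIONAL_SERVICES_MANAGER', $promoted, $hierarchy));
var_dump(isGrantedModel('ROLE_SONATA_ADMIN', $promoted, $hierarchy));
```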
I have 2 user roles in my application: admin and member. After a successful login, an admin user must be redirected to /admin and member must be redirected to /catalog.
Is this possible with Symfony and the FOSUserBundle?
Yes, you can modify the login behaviour. It's nothing FOSUserBundle specific, it's a Symfony feature: https://symfony.com/doc/current/security/form_login.html#always-redirect-to-the-default-page
Another solution is a custom login authentication success handler. You can find an example here: https://gist.github.com/chalasr/69ad35c11e38b8cc717f
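A minimal sketch of the success-handler approach mentioned above, added here as an example and not taken from the linked gist or from FOSUserBundle. The namespace and class name are hypothetical; the /admin and /catalog paths and the ROLE_ADMIN role name come from the question's wording.

```php
<?php
namespace AppBundle\Security; // hypothetical namespace

use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;

class RoleRedirectSuccessHandler implements AuthenticationSuccessHandlerInterface
{
    private $authorizationChecker;

    public function __construct(AuthorizationCheckerInterface $authorizationChecker)
    {
        $this->authorizationChecker = $authorizationChecker;
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token)
    {
        // isGranted() goes through the role hierarchy, so a role that
        // implies ROLE_ADMIN is also sent to the admin area.
        $path = $this->authorizationChecker->isGranted('ROLE_ADMIN')
            ? '/admin'
            : '/catalog';

        // The target is chosen server-side from fixed paths and never read
        // from a request parameter, so the login form cannot be turned into
        // an open redirect.
        return new RedirectResponse($request->getBaseUrl() . $path);
    }
}
```

Register the class as a service and reference its id in the firewall's `form_login` `success_handler` option. The redirect is navigation only: /admin still needs its own `access_control` rule.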
I am using Symfony2.8.10 + SonataAdminbundle + FosUserBundle/SonataUserBundle
The user can edit all users when I try to assign the Sonata user permission to a user. But if I don't do this, the logged-in user cannot show their profile. What should I do?
My acl setting
The problem is that you are setting the ACL for an action, not depending on the variable passed to it. Still, you can check that if a person is logged in and has the user editing level, this person can edit only his profile. If the person is an administrator, then he can edit all profiles.
I do not think Sonata admin is really made for that, as fos_user already implements its own logic for that. You can find the form under the URL: /{fos_user_route}/profile/edit/. I prefer to use a back-office for administrators and a front-office for the rest. Moreover, it helps the overall security as the user does not know the link to the back-office.
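One way to express the per-object rule described in this answer (own profile only, administrators all profiles) is a Symfony security voter. This is an added example, not code from the answer or from Sonata; it assumes Symfony 2.8's `Voter` base class, and the namespace, class name and `PROFILE_EDIT` attribute are hypothetical.

```php
<?php
namespace AppBundle\Security; // hypothetical namespace

use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;

class ProfileVoter extends Voter
{
    const EDIT = 'PROFILE_EDIT'; // hypothetical attribute name

    private $decisionManager;

    public function __construct(AccessDecisionManagerInterface $decisionManager)
    {
        $this->decisionManager = $decisionManager;
    }

    protected function supports($attribute, $subject)
    {
        // Vote only on profile edits where the subject is a user object.
        return $attribute === self::EDIT && $subject instanceof UserInterface;
    }

    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
    {
        $current = $token->getUser();
        if (!$current instanceof UserInterface) {
            return false; // anonymous tokens carry a string, not a user object
        }

        // Administrators may edit any profile (resolved through role_hierarchy).
        if ($this->decisionManager->decide($token, array('ROLE_ADMIN'))) {
            return true;
        }

        // Everyone else may edit only the profile that is their own.
        return $current->getUsername() === $subject->getUsername();
    }
}
```

Tag the service with `security.voter` and call `$this->denyAccessUnlessGranted('PROFILE_EDIT', $profileUser)` in the edit action, where `$profileUser` (a hypothetical variable) is the user being edited.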
I am new to Symfony. I am using FOSUserBundle for user management; now I want to do role management (managing roles with a separate table) with FOSUserBundle and need to give access to users as per the role assigned to him/her. Please suggest some good solution to achieve this functionality.
You can use user groups to set the needed role for users, and check it with the isGranted('ROLE') method in a controller or in Twig templates.
You can check the documentation for the configuration of security.yml :
https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/index.md
Then after specifying your ROLES there in the hierarchy you can start giving access to specific roles in the access_control part of the security.yml configuration.
For some reasons you will want to check in Twig or in the controller; there are also some functions which allow you to check if the user is granted this or that role, with:
$this->container->get('security.context')->isGranted('YOUR_CUSTOM_ROLE');
or twig :
{% if is_granted('YOUR_CUSTOM_ROLE') %} {# show some custom data #} {% endif %}
You can add or remove roles from Users also using :
$user->removeRole('ROLE_ADMIN');
$user->addRole('YOUR_CUSTOM_ROLE');
$em->persist($user);
$em->flush();
This is mostly what you will need the roles for in general, access_control configuration, Twig checks, Controller Checks and Add/Remove Roles.
I am trying to use Fr3d LDAP bundle with Symfony2 to authenticate users before entering my site.
Unfortunately, I am unable to modify the schema to form the necessary user table required by FOS User Bundle. This leads me to trying to bypass the FOS User Bundle and just use the functionality in Fr3d LDAP bundle.
Does anyone have any information on how to do this? I've looked all over and haven't found anything.
Yes, it is possible to use FR3DLdapBundle without FOSUserBundle.
Just change service.user_manager with your own user manager (https://github.com/Maks3w/FR3DLdapBundle/blob/2.0.x/Resources/doc/index.md)
This is the interface that you should implement https://github.com/Maks3w/FR3DLdapBundle/blob/2.0.x/Model/UserManagerInterface.php
*This is a copy of the comment Disconnect Fr3d LDAP bundle from FOS User Bundle *