2016-04-22 69 views
1

So here is my security.yml; Symfony is ignoring my custom FOSUserBundle roles.

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_CLINICIAN: ROLE_USER
        ROLE_ADMIN: ROLE_CLINICIAN
        ROLE_OWNER: ROLE_ADMIN
        ROLE_SUPER_ADMIN: ROLE_OWNER

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: security.csrf.token_manager
            logout: true
            anonymous: ~

    access_control:
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /, roles: ROLE_USER }
        - { path: ^/, roles: ROLE_ADMIN }
        - { path: ^/api, roles: ROLE_OWNER }
        - { path: ^/api, roles: ROLE_SUPER_ADMIN }
        - { path: ^/api/clinics, roles: ROLE_CLINICIAN }

So I should have this

     ROLE_CLINICIAN
           |
       ROLE_ADMIN
           |
       ROLE_OWNER
           |
    ROLE_SUPER_ADMIN

role hierarchy, but Symfony ignores it: right now I want to set ROLE_CLINICIAN so that it can only access the path: ^/api/clinics pages, but that role can still access every page.

Answers

0

Here is the working solution:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        ROLE_ADMIN: ROLE_CLINICIAN
        ROLE_OWNER: ROLE_ADMIN
        ROLE_SUPER_ADMIN: ROLE_OWNER

    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: security.csrf.token_manager
            logout:
                path: fos_user_security_logout
                target: fos_user_security_login
            anonymous: ~

    access_control:
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/clients, roles: ROLE_CLINICIAN }
        - { path: ^/api, roles: ROLE_SUPER_ADMIN }
        - { path: ^/api, roles: ROLE_OWNER }
        - { path: ^/#/, roles: ROLE_USER }

path: ^/ grants access to every page of my application, so every parent role of ROLE_USER gets access to every page anyway. But, per http://symfony.com/doc/current/cookbook/security/access_control.html, "Remember, the first rule that matches is used", so the key is to put - { path: ^/#/, roles: ROLE_USER } at the end of the list.

0

Access control rules are evaluated from top to bottom. The first matching access control rule wins. In your example this means the last four rules are never considered. Since the ROLE_CLINICIAN role includes the ROLE_USER role, your users will always be granted access.

You can read more about how access control rules are evaluated in the documentation.
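As an added illustration (not code from the question or either answer, and not Symfony's own code), here is a small Python model of the two steps both answers rely on: expanding the user's roles through role_hierarchy, then taking the first access_control rule whose path pattern matches. The hierarchy and both access_control lists are transcribed from this page; the first-match lookup, the unanchored regex search and the "no matching rule means no restriction" behaviour are assumptions about how Symfony evaluates them.

```python
import re

# Role hierarchy from the security.yml in the question (role -> roles it includes).
ROLE_HIERARCHY = {
    "ROLE_CLINICIAN": ["ROLE_USER"],
    "ROLE_ADMIN": ["ROLE_CLINICIAN"],
    "ROLE_OWNER": ["ROLE_ADMIN"],
    "ROLE_SUPER_ADMIN": ["ROLE_OWNER"],
}
# access_control lists transcribed from the question (ORIGINAL) and the first answer (FIXED).
ORIGINAL = [
    {"path": r"^/login$", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/resetting", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"/", "roles": "ROLE_USER"},
    {"path": r"^/", "roles": "ROLE_ADMIN"},
    {"path": r"^/api", "roles": "ROLE_OWNER"},
    {"path": r"^/api", "roles": "ROLE_SUPER_ADMIN"},
    {"path": r"^/api/clinics", "roles": "ROLE_CLINICIAN"},
]
FIXED = [
    {"path": r"^/login$", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/resetting", "roles": "IS_AUTHENTICATED_ANONYMOUSLY"},
    {"path": r"^/api/clients", "roles": "ROLE_CLINICIAN"},
    {"path": r"^/api", "roles": "ROLE_SUPER_ADMIN"},
    {"path": r"^/api", "roles": "ROLE_OWNER"},
    {"path": r"^/#/", "roles": "ROLE_USER"},
]

def reachable_roles(roles):
    """Expand the user's roles through the hierarchy (modelled on Symfony's RoleHierarchy)."""
    seen, todo = set(), list(roles)
    while todo:
        role = todo.pop()
        if role not in seen:
            seen.add(role)
            todo.extend(ROLE_HIERARCHY.get(role, []))
    return seen

def first_matching_rule(rules, path):
    """The first rule whose pattern matches the path wins; later rules are never consulted."""
    # Assumption: the pattern is applied as an unanchored regex search, like preg_match.
    return next((r for r in rules if re.search(r["path"], path)), None)

def is_granted(rules, path, user_roles):
    """True if access_control lets a user holding user_roles reach path."""
    rule = first_matching_rule(rules, path)
    if rule is None:
        return True  # no rule matched: access_control itself imposes no restriction
    if rule["roles"] == "IS_AUTHENTICATED_ANONYMOUSLY":
        return True  # anonymous and authenticated users alike
    return rule["roles"] in reachable_roles(user_roles)
```

Running the model shows why the original list lets a clinician into /admin/settings (the third rule, path: /, matches every path and ROLE_CLINICIAN includes ROLE_USER) and also that in the fixed list the ROLE_OWNER rule for ^/api is shadowed by the ROLE_SUPER_ADMIN rule above it, while ^/#/ only matches a path containing a literal /#/, so paths such as /dashboard match no rule at all.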