Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

role_hierarchy with Symfony2

I have a big problem with my role_hierarchy,

security:
    role_hierarchy:
        ROLE_ADMIN:[ROLE_USER,ROLE_AUTHOR,ROLE_MODERATOR]
        ROLE_SUPER_ADMIN:[ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH]

with that, if i got the SUPER_ADMIN role, I will got the ROLE_AUTHOR, ROLE_MODERATOR, ROLE_USER AND ROLE_ADMIN. But my problem it's when I login on my website, if I check the profiler, i can see i got only the ROLE_SUPER_ADMIN, not the others roles, so, can you help me?

my view (base.html.twig)

<h3>Blog</h3>
<ul class="nav nav-pills nav-stacked">
    <li><a href="{{ path('dom_home') }}">Home Page</a></li>
    {% if is_granted('ROLE_AUTHOR') %}
        <li><a href="{{ path('dom_add') }}">Add a post</a></li>
    {% endif %}
    {% if is_granted('IS_AUTHENTICATED_FULLY') %}
        <li><a href="{{ path('fos_user_security_logout') }}">Logout</a></li>
    {% else %}
        <li><a href="{{ path('fos_user_security_login') }}">login</a></li>
        <li><a href="{{ path('fos_user_registration_register') }}">register</a></li>
    {% endif %}
</ul>

my security.yml (app/config)

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER,ROLE_AUTHOR,ROLE_MODERATOR]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            users:
                user:  { password: userpass, roles: [ 'ROLE_USER' ] }
                admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
        fos_userbundle:
            id: fos_user.user_manager
    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern:   ^/(login$|register|resetting)
            anonymous: true
        main:
            pattern: ^/
            form_login:
                provider:    fos_userbundle
                remember_me: true
                always_use_default_target_path: true
                default_target_path: /dom/
            remember_me:
                key:         %secret%
            anonymous:       false
            logout:          true 

edit:

my view (base.html.twig)

<h3>Blog</h3>
<ul class="nav nav-pills nav-stacked">
    <li><a href="{{ path('dom_home') }}">Home Page</a></li>
    {% if is_granted('ROLE_AUTHOR') %}
        <li><a href="{{ path('dom_add') }}">Add a post</a></li>
    {% endif %}
    {% if is_granted('IS_AUTHENTICATED_FULLY') %}
        <li><a href="{{ path('fos_user_security_logout') }}">Logout</a></li>
    {% else %}
        <li><a href="{{ path('fos_user_security_login') }}">login</a></li>
        <li><a href="{{ path('fos_user_registration_register') }}">register</a></li>
    {% endif %}
</ul>

my security.yml (app/config)

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       [ROLE_USER,ROLE_AUTHOR,ROLE_MODERATOR]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            users:
                user:  { password: userpass, roles: [ 'ROLE_USER' ] }
                admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
        fos_userbundle:
            id: fos_user.user_manager
    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern:   ^/(login$|register|resetting)
            anonymous: true
        main:
            pattern: ^/
            form_login:
                provider:    fos_userbundle
                remember_me: true
                always_use_default_target_path: true
                default_target_path: /dom/
            remember_me:
                key:         %secret%
            anonymous:       false
            logout:          true 

please answer :)

like image 662
Stickly Avatar asked Jun 13 '12 17:06

Stickly


1 Answers

I cannot see what's wrong from the code snippets you provided, so I made a little example application to give you a step by step-instruction which might lead you to the source of the problem.

  1. Cloned symfony-standard (master) (and removed Acme\DemoBundle)
  2. Added "friendsofsymfony/user-bundle": "dev-master" to composer.json
  3. Created new bundle Mahok\SecurityBundle (php app/console generate:bundle)
  4. Created new Entity php app/console doctrine:generate:entity
  5. Modified Entity according to FOS\UserBundle documentation (step 3; Important: Change the table name to something other than "user", as this is a reserved word and might cause trouble!)
  6. Modified app/AppKernel.php, app/config/config.yml, app/config/routing.yml and app/config/security.yml according to FOS\UserBundle documentation. For reference: This is the security.yml I use:

    jms_security_extra:
        secure_all_services: false
        expressions: true
    
    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: sha512
    
    role_hierarchy:
        ROLE_AUTHOR:      [ROLE_USER]
        ROLE_MODERATOR:   [ROLE_AUTHOR]
        ROLE_ADMIN:       [ROLE_MODERATOR]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN]
    
    providers:
        fos_userbundle:
            id: fos_user.user_manager
    
    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
    
        auth:
            pattern:   (^/login$|^/register|^/resetting)
            anonymous: true
    
        main:
            pattern:    ^/
            form_login:
                provider:      fos_userbundle
                csrf_provider: form.csrf_provider
            logout:     true
            anonymous:  true
    
    access_control:
        - { path: ^/admin, role: ROLE_ADMIN }
    
  7. Created user with `php app/console fos:user:create sa --super-admin

  8. Modified DefaultController:default.html.twig in Mahok\SecurityBundle, checking for {% is_granted('ROLE_MODERATOR') %}:

    Hello {{ name }}!
    {% if is_granted('ROLE_MODERATOR') %}
    <ul>
        {% for role in app.user.roles %}
        <li>{{ role }}</li>
        {% endfor %}
    </ul>
    {% else %}
        oh noes!
    {% endif %}
    

edit: When going to localhost/example/app_dev.php/hello/User (after logging in as "sa"), I get the following output:

Hello User!
* ROLE_SUPER_ADMIN
* ROLE_USER
like image 55
dbrumann Avatar answered Nov 02 '22 12:11

dbrumann