I (obviously) searched for similar problems, but mine ain't none of them.
Here's my case:
ROLE_SUPER_ADMIN
admin, his only role is ROLE_SUPER_ADMIN
ROLE_SUPER_ADMIN inherits the ROLE_ADMIN (see below)
/users/page/1
Access Denied by controller annotation @IsGranted(["ROLE_ADMIN", "ROLE_RESPONSIBLE"])
Here is my Controller :
//src/Controller/UserController.php
/**
 * @Route("/users")
 * @IsGranted("ROLE_USER")
 */
class UserController extends AbstractController
{
    private $security;
    private $mailer;

    public function __construct(Security $security, MailerInterface $mailer)
    {
        $this->security = $security;
        $this->mailer = $mailer;
    }

    /**
     * @Route("/page/{!page}", name="user_index", requirements={"page"="\d+"}, defaults={"page":1})
     * @IsGranted({"ROLE_ADMIN", "ROLE_RESPONSIBLE"})
     */
    public function index(Request $request, UserRepository $userRepository, int $page = 1): Response
    {
        [....]
    }
}
And my custom role hierarchy
config/packages/security.yaml
security:
    role_hierarchy:
        ROLE_RESPONSIBLE: ROLE_USER
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
I double-checked every character just in case I had a typo, I don't...
I thought it was like a && evaluation (user had to have ROLE_ADMIN and ROLE_RESPONSIBLE).
EDIT: That was the problem, the default behavior is a && evaluation of each role in the array, I needed to use * @Security("is_granted('ROLE_ADMIN') or is_granted('ROLE_RESPONSIBLE')")
I tried only with @IsGranted("ROLE_USER"), it worked but @IsGranted("ROLE_ADMIN") does not, and it's an inherited role.
I (still) can't embed an image so take my word on that or see my proof here
Thanks in advance, Mondays are Mondays you know ...
You're requiring the user be granted two roles. Change your hierarchy to make ROLE_SUPER_ADMIN inherit ROLE_RESPONSIBLE so you can remove it or change the annotation to :
/**
* @Security("is_granted('ROLE_ADMIN') or is_granted('ROLE_RESPONSIBLE')")
*/
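The two evaluations discussed in this thread, as an added example that is not part of the original posts and is not Symfony's own code: a simplified plain-PHP model that expands the question's role hierarchy and compares the "every listed role" check with the "any listed role" check. The function names are hypothetical; the hierarchy is copied from the question's security.yaml.

```php
<?php
// Added illustration: a simplified model, not Symfony's implementation.
// Hierarchy copied from the question's security.yaml.
const ROLE_HIERARCHY = [
    'ROLE_RESPONSIBLE' => ['ROLE_USER'],
    'ROLE_ADMIN'       => ['ROLE_USER'],
    'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'],
];

/** Expand the assigned roles into every role reachable through the hierarchy. */
function reachableRoles(array $assigned, array $hierarchy): array
{
    $seen = [];
    $queue = $assigned;
    while ($queue) {
        $role = array_pop($queue);
        if (isset($seen[$role])) {
            continue; // already expanded; also guards against cycles
        }
        $seen[$role] = true;
        $queue = array_merge($queue, $hierarchy[$role] ?? []);
    }
    return array_keys($seen);
}

/** "Every listed role" check: the && evaluation described in the thread. */
function grantedAll(array $required, array $reachable): bool
{
    return array_diff($required, $reachable) === [];
}

/** "Any listed role" check: what the `or` expression in @Security asks for. */
function grantedAny(array $required, array $reachable): bool
{
    return array_intersect($required, $reachable) !== [];
}

$required = ['ROLE_ADMIN', 'ROLE_RESPONSIBLE'];
$roles = reachableRoles(['ROLE_SUPER_ADMIN'], ROLE_HIERARCHY);

echo implode(', ', $roles), PHP_EOL;     // the roles the admin user ends up with
var_dump(grantedAll($required, $roles)); // ROLE_RESPONSIBLE is not reachable
var_dump(grantedAny($required, $roles)); // ROLE_ADMIN is reachable

// The answer's other option: let ROLE_SUPER_ADMIN inherit ROLE_RESPONSIBLE too.
$fixed = ROLE_HIERARCHY;
$fixed['ROLE_SUPER_ADMIN'][] = 'ROLE_RESPONSIBLE';
var_dump(grantedAll($required, reachableRoles(['ROLE_SUPER_ADMIN'], $fixed)));
```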