I know that my title is not very clear. Let me explain. I created a security configuration:

security:
    encoders:
        Bundles\UserBundle\Entity\user: sha512

    role_hierarchy:
        ROLE_MENAGE:        [ROLE_USER]
        ROLE_EMPLOYE:       [ROLE_ADMIN]
        ROLE_GERANT:        [ROLE_SUPER_ADMIN]
        ROLE_INTERCOMMUNAL: [ROLE_GERANT]

    providers:
        main:
            id: fos_user.user_provider.username

    firewalls:
        main:
            pattern:        ^/
            anonymous:      true
            provider:       main
            form_login:
                login_path: fos_user_security_login
                check_path: fos_user_security_check
            logout:
                path:       fos_user_security_logout
                target:     /login
            remember_me:
                key:        %secret%

    access_control:
        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, roles: ROLE_MENAGE }
        - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_MENAGE }
        - { path: ^/EncoderDechet, roles: ROLE_EMPLOYE }
        - { path: ^/VoirConteneurs, roles: ROLE_GERANT }
        - { path: ^/GenererFacture, roles: ROLE_INTERCOMMUNAL }
        - { path: ^/Statistique, roles: ROLE_GERANT }

As you can see in this security.yml, I define a role hierarchy. When I log in with a user who has ROLE_EMPLOYE as role, I can have access to /register. But this path must have as role: EMPLOYE, and it gives me a 403: access denied.

Can you explain to me where I made a mistake?

  • I'm sorry it was 403 Commented Jul 18, 2017 at 17:33

1 Answer

Your role hierarchy looks wrong.

It should be

ROLE_B: ROLE_A
ROLE_C: ROLE_B
ROLE_D: ROLE_C

So something like

ROLE_MENAGE:        ROLE_USER
ROLE_EMPLOYE:       ROLE_MENAGE
ROLE_GERANT:        ROLE_EMPLOYE
ROLE_INTERCOMMUNAL: ROLE_GERANT

Which would give you 5 roles going: USER < MENAGE < EMPLOYE < GERANT < INTERCOMMUNAL

If you do need ROLE_ADMIN & ROLE_SUPER_ADMIN just add them in there where you need them.

Here is what I use on my current project for example

ROLE_INFLUENCER:    ROLE_USER
ROLE_COMPANY:       ROLE_INFLUENCER
ROLE_COMPANY_ADMIN: ROLE_COMPANY
ROLE_SITE_ADMIN:    ROLE_COMPANY_ADMIN
ROLE_SUPER_ADMIN:   ROLE_SITE_ADMIN

2 Comments

ROLE_MENAGE: [ROLE_USER] ROLE_EMPLOYE: [ROLE_MENAGE] ROLE_GERANT: [ROLE_EMPLOYE] ROLE_INTERCOMMUNAL: [ROLE_GERANT] like this?
You do not need the [ ] characters, otherwise it looks ok
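
To see why the posted hierarchy ends in a 403 on /register while the answer's version does not, here is an added example (not code from the question, the answer, or Symfony itself) that models Symfony's transitive role expansion and its first-matching-entry access_control lookup in Python. It assumes the user is assigned only ROLE_EMPLOYE; `reachable_roles` and `is_granted` are illustrative names, not Symfony APIs.

```python
import re

# role_hierarchy exactly as posted in the question
ORIGINAL = {
    "ROLE_MENAGE": ["ROLE_USER"],
    "ROLE_EMPLOYE": ["ROLE_ADMIN"],
    "ROLE_GERANT": ["ROLE_SUPER_ADMIN"],
    "ROLE_INTERCOMMUNAL": ["ROLE_GERANT"],
}
# role_hierarchy as proposed in the answer
CORRECTED = {
    "ROLE_MENAGE": ["ROLE_USER"],
    "ROLE_EMPLOYE": ["ROLE_MENAGE"],
    "ROLE_GERANT": ["ROLE_EMPLOYE"],
    "ROLE_INTERCOMMUNAL": ["ROLE_GERANT"],
}
# First four access_control entries from the question, in the posted order
ACCESS_CONTROL = [
    (r"^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/register", "ROLE_MENAGE"),
    (r"^/resetting", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/", "ROLE_MENAGE"),
]

def reachable_roles(hierarchy, assigned):
    """Expand assigned roles with every role they inherit, transitively."""
    seen, stack = set(), list(assigned)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(hierarchy.get(role, []))
    return seen

def is_granted(hierarchy, assigned, path):
    """Decide access from the first access_control entry matching the path."""
    roles = reachable_roles(hierarchy, assigned)
    for pattern, required in ACCESS_CONTROL:
        if re.search(pattern, path):
            # This attribute is satisfied by anonymous and logged-in users alike.
            if required == "IS_AUTHENTICATED_ANONYMOUSLY":
                return True
            return required in roles
    return True  # no entry matched: access_control imposes no restriction

if __name__ == "__main__":
    for name, h in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name, sorted(reachable_roles(h, ["ROLE_EMPLOYE"])),
              "/register ->", is_granted(h, ["ROLE_EMPLOYE"], "/register"))
```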
