Alright, I am trying to set up my security in symfony2 via configuration. I created a role_hierarchy:
role_hierarchy:
    ROLE_USER_ADMIN: ROLE_USER
    ROLE_VENDOR: ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_VENDOR, ROLE_USER_ADMIN, ROLE_ALLOWED_TO_SWITCH]
And I have set up access_control:
access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/administration/, roles: ROLE_VENDOR }
    - { path: ^/administration/vendor/new, roles: ROLE_SUPER_ADMIN }
    - { path: ^/administration/taxonomy, roles: ROLE_SUPER_ADMIN }
    - { path: ^/administration/property, roles: ROLE_SUPER_ADMIN }
    - { path: ^/administration/usagelimit, roles: ROLE_SUPER_ADMIN }
    - { path: ^/account, roles: ROLE_USER }
    - { path: ^/library, roles: ROLE_USER }
    - { path: ^/profile, roles: ROLE_USER }
    - { path: ^/vendors, roles: ROLE_USER }
    - { path: ^/community, roles: ROLE_USER }
However, when I log in as a user who only has "ROLE_VENDOR", I can access the routes /administration/taxonomy, /administration/property, etc. ...
What am I doing wrong???
Answer 0 (score: 2)
Your routes are in the wrong order.
It is first come, first served: with /administration/ first, everything below it is caught by that rule, so ROLE_VENDOR is allowed access.
You should change it to...
access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    # - { path: ^/administration/, roles: ROLE_VENDOR }  # Old home...
    - { path: ^/administration/vendor/new, roles: ROLE_SUPER_ADMIN }
    - { path: ^/administration/taxonomy, roles: ROLE_SUPER_ADMIN }
    - { path: ^/administration/property, roles: ROLE_SUPER_ADMIN }
    - { path: ^/administration/usagelimit, roles: ROLE_SUPER_ADMIN }
    - { path: ^/administration/, roles: ROLE_VENDOR }  # New home: the general rule now comes after the specific ones
    - { path: ^/account, roles: ROLE_USER }
    - { path: ^/library, roles: ROLE_USER }
    - { path: ^/profile, roles: ROLE_USER }
    - { path: ^/vendors, roles: ROLE_USER }
    - { path: ^/community, roles: ROLE_USER }
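The first-match behaviour the answer relies on, as an added example that is not part of the original question or answer and is not Symfony code: a small Python model of how access_control is evaluated, with role-hierarchy expansion, the question's rule order beside the corrected one, and a lint that flags rules an earlier prefix rule makes unreachable. It mirrors Symfony's use of preg_match against the request path; the rule lists are a subset of the question's, and treating "no rule matched" as allowed is a simplification of the real firewall.

```python
import re
from typing import Dict, List, Optional, Sequence, Set, Tuple

# Role hierarchy copied from the question.
ROLE_HIERARCHY: Dict[str, List[str]] = {
    "ROLE_USER_ADMIN": ["ROLE_USER"],
    "ROLE_VENDOR": ["ROLE_USER"],
    "ROLE_SUPER_ADMIN": ["ROLE_VENDOR", "ROLE_USER_ADMIN", "ROLE_ALLOWED_TO_SWITCH"],
}

# A rule is (path regex, required role). Subset of the question's rules,
# enough to reproduce the problem.
Rule = Tuple[str, str]

BROKEN_ORDER: List[Rule] = [
    ("^/login", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("^/administration/", "ROLE_VENDOR"),             # general rule first: wrong
    ("^/administration/vendor/new", "ROLE_SUPER_ADMIN"),
    ("^/administration/taxonomy", "ROLE_SUPER_ADMIN"),
    ("^/account", "ROLE_USER"),
]

FIXED_ORDER: List[Rule] = [
    ("^/login", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("^/administration/vendor/new", "ROLE_SUPER_ADMIN"),
    ("^/administration/taxonomy", "ROLE_SUPER_ADMIN"),
    ("^/administration/", "ROLE_VENDOR"),             # general rule last: right
    ("^/account", "ROLE_USER"),
]


def reachable_roles(roles: Sequence[str], hierarchy: Dict[str, List[str]]) -> Set[str]:
    """Expand granted roles through the hierarchy (transitive closure)."""
    seen: Set[str] = set()
    stack = list(roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(hierarchy.get(role, []))
    return seen


def first_matching_rule(rules: Sequence[Rule], path: str) -> Optional[Rule]:
    """Symfony semantics: the first rule whose regex matches the path wins;
    later rules are never consulted. re.search mirrors preg_match."""
    for pattern, role in rules:
        if re.search(pattern, path):
            return (pattern, role)
    return None


def is_allowed(rules: Sequence[Rule], hierarchy: Dict[str, List[str]],
               user_roles: Sequence[str], path: str) -> bool:
    """Decide access for a user with the given roles requesting path."""
    rule = first_matching_rule(rules, path)
    if rule is None:
        return True  # simplification: no access_control rule means no role required
    _, required = rule
    if required == "IS_AUTHENTICATED_ANONYMOUSLY":
        return True  # satisfied by anonymous and authenticated users alike
    return required in reachable_roles(user_roles, hierarchy)


def shadowed_rules(rules: Sequence[Rule]) -> List[Tuple[str, str]]:
    """Heuristic lint for plain '^/literal' patterns: report (dead rule, earlier
    rule) pairs where the earlier rule's literal is a prefix of the later one,
    because the earlier rule then always matches first. Patterns containing
    regex metacharacters are skipped rather than guessed about."""
    findings: List[Tuple[str, str]] = []
    seen: List[Tuple[str, str]] = []  # (literal, pattern) of earlier plain rules
    for pattern, _ in rules:
        if not pattern.startswith("^") or re.search(r"[.*+?()\[\]{}|\\$]", pattern[1:]):
            continue
        literal = pattern[1:]
        for earlier_literal, earlier_pattern in seen:
            if literal.startswith(earlier_literal):
                findings.append((pattern, earlier_pattern))
                break
        seen.append((literal, pattern))
    return findings


if __name__ == "__main__":
    vendor = ["ROLE_VENDOR"]
    for name, rules in (("broken", BROKEN_ORDER), ("fixed", FIXED_ORDER)):
        verdict = is_allowed(rules, ROLE_HIERARCHY, vendor, "/administration/taxonomy")
        print(f"{name}: ROLE_VENDOR -> /administration/taxonomy allowed={verdict}")
        print(f"{name}: shadowed rules = {shadowed_rules(rules)}")
```

Run it and the broken order lets ROLE_VENDOR into /administration/taxonomy while the lint reports both ROLE_SUPER_ADMIN rules as dead; the fixed order denies it and the lint is clean. The lint only understands anchored literal prefixes, so rules written with alternations or wildcards still need manual review of their order.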