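I want to protect the URL /admin/. I followed the Symfony book, but it does not work correctly. My user does not come from a user bundle; it is just a Users entity with a role field = ROLE_ADMIN or ROLE_USER, ROLE_FREELANCER. I have the standard, complete SecurityBundle. Now, if I log in as a developer who has ROLE_FREELANCER, I get the actions for this role, but if this developer goes to the URL admin/tim/dashboard, they can enter it, and that is the error. Please help. This is my security config: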
security:
    encoders:
        Artel\ProfileBundle\Entity\Users:
            algorithm: sha1
            encode_as_base64: false
            iterations: 1
        Artel\ProfileBundle\Entity\Developer:
            algorithm: sha1
            encode_as_base64: false
            iterations: 1
        Symfony\Component\Security\Core\User\User: plaintext
    role_hierarchy:
        ROLE_CLIENT: ROLE_USER
        ROLE_COMPANY: ROLE_USER
        ROLE_FREELANCER: ROLE_USER
        ROLE_ADMIN: ROLE_ADMIN
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_MODERATOR, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        chain_provider:
            chain:
                providers: [user_db, user_dev, in_memory]
                providers: [user_dev, in_memory]
        user_db:
            entity: { class: Artel\ProfileBundle\Entity\Users, property: email }
        user_dev:
            entity: { class: Artel\ProfileBundle\Entity\Developer, property: email }
        in_memory:
            memory:
                users:
                    admin_tyty: { password: adminpass_tyty, roles: [ 'ROLE_ADMIN' ] }
    firewalls:
        default:
            anonymous: ~
            http_basic: ~
            form_login:
                login_path: /login
                check_path: /login_check
            logout:
                path: /logout
                invalidate_session: false
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: /admin/(.*), roles: ROLE_ADMIN }
And my action:
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class SecurityController extends Controller
{
    public function loginAction(Request $request)
    {
        $authenticationUtils = $this->get('security.authentication_utils');
        // get the login error if there is one
        $error = $authenticationUtils->getLastAuthenticationError();
        // last username entered by the user
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('ArtelProfileBundle:Security:login.html.twig',
            array(
                // last username entered by the user
                'last_username' => $lastUsername,
                'home_page' => $this->container->getParameter('home_page'),
                'phone_in_header' => $this->container->getParameter('phone_in_header'),
                'error' => $error,
                'db_url' => $this->container->getParameter('db_url'),
                'api_url' => $this->container->getParameter('api_url'),
                'mauth_url' => $this->container->getParameter('mauth_url'),
                'gaID' => $this->container->getParameter('gaID'),
                'ymID' => $this->container->getParameter('ymID')
            )
        );
    }

    public function securityCheckAction()
    {
        // Route
    }

    public function indexAction()
    {
        $securityContext = $this->container->get('security.context');
        if ($securityContext->isGranted('IS_AUTHENTICATED_FULLY') == false) {
            return $this->redirect($this->generateUrl('login_route'));
        }

        // Redirect by the first role only; this does not itself restrict access to /admin/
        $role = $this->getUser()->getRoles();
        if ($role[0] == 'ROLE_FREELANCER') {
            return $this->redirect($this->generateUrl('artel_profile_homepage', array('username' => $this->getUser()->getUsername())));
        } elseif ($role[0] == 'ROLE_COMPANY') {
            return $this->redirect($this->generateUrl('artel_user_profile_homepage', array('username' => $this->getUser()->getUsername())));
        }

        if ($role[0] == 'ROLE_ADMIN') {
            return $this->redirect($this->generateUrl('admin_tim_dashboard'));
        } else {
            return $this->render('default/index.html.twig');
        }
    }
}
Answer 0: (score: 2)
Your access_control settings allow this. Change the order of the rules:
    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
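Why the order matters, as an added example that is not part of the question or the answer: Symfony applies only the first access_control rule whose path regex matches, so a leading `^/` rule hides the admin rule behind it. The script below is a simplified model of that selection, run against both rule orders from this page; the function names, the hand-expanded role lists and the reduced voter logic are assumptions made for illustration.

```php
<?php
// Added example: simplified model of how Symfony picks an access_control rule.
// Only the first rule whose path regex matches is applied; later rules are ignored.

/** Return the first rule whose path pattern matches, or null if none does. */
function firstMatchingRule(array $rules, string $path): ?array
{
    foreach ($rules as $rule) {
        // Symfony's RequestMatcher wraps the pattern in {} delimiters the same way.
        if (preg_match('{' . $rule['path'] . '}', rawurldecode($path))) {
            return $rule;
        }
    }
    return null;
}

/** Simplified voter (assumption): any token passes IS_AUTHENTICATED_ANONYMOUSLY; otherwise the role must be held. */
function isAllowed(array $rules, string $path, array $userRoles): bool
{
    $rule = firstMatchingRule($rules, $path);
    if ($rule === null) {
        return true; // no rule matched, so access_control does not restrict this path
    }
    return $rule['roles'] === 'IS_AUTHENTICATED_ANONYMOUSLY'
        || in_array($rule['roles'], $userRoles, true);
}

// Rule order from the question: ^/ comes before the admin rule.
$questionOrder = [
    ['path' => '^/login',     'roles' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
    ['path' => '^/',          'roles' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
    ['path' => '/admin/(.*)', 'roles' => 'ROLE_ADMIN'],
];
// Rule order from the answer: the admin rule comes before the catch-all.
$answerOrder = [
    ['path' => '^/login',  'roles' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
    ['path' => '^/admin/', 'roles' => 'ROLE_ADMIN'],
    ['path' => '^/',       'roles' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
];

$path = '/admin/tim/dashboard';
$cases = ['ROLE_FREELANCER' => ['ROLE_FREELANCER', 'ROLE_USER'], 'ROLE_ADMIN' => ['ROLE_ADMIN']]; // constructed users
foreach (['question' => $questionOrder, 'answer' => $answerOrder] as $label => $rules) {
    $matched = firstMatchingRule($rules, $path)['path'];
    foreach ($cases as $name => $roles) {
        printf("%-8s order, %-15s matched %-12s => %s\n", $label, $name, $matched,
            isAllowed($rules, $path, $roles) ? 'allowed' : 'denied');
    }
}
```

When checking a real configuration, list the rules from most specific to least specific and request a protected URL as a non-admin user to confirm that the response is a 403.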