Symfony 4 access_control按角色不起作用

时间:2018-07-11 06:17:57

标签: php symfony

我尝试在路线上设置访问级别,我写了这个简单的 security.yaml

security:
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
encoders:
    App\Entity\User: bcrypt

providers:
    db_provider:
        entity:
            class: App\Entity\User
            property: mobile
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        anonymous: ~
        form_login:
            login_path: verify_token_page
            check_path: verify_token_page
            default_target_path: panel_index

# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
     - { path: ^/panel, roles: ROLE_SERVICE_MAN }

问题是,当我尝试访问 localhost:8000 / panel 时,出现 AccessDeniedHttpException

这是我的用户角色转储

array:1 [▼
  0 => "ROLE_SERVICE_MAN"
]

我也尝试不使用角色,而是使用角色或将ROLE_SERVICE_MAN用括号括起来

这是我的PanelController

<?php

namespace App\Controller;

use App\Entity\Car;
use App\Entity\User;
use App\Form\CarType;
use App\Repository\CarRepository;
use App\Repository\RequestRepository;
use Symfony\Bridge\Doctrine\Form\Type\EntityType;
use Symfony\Component\Form\Extension\Core\Type\DateType;
use Symfony\Component\Form\Extension\Core\Type\TextareaType;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;

/**
 * @Route("/panel")
 */
class PanelController extends Controller
{
    /**
     * @return \Symfony\Component\HttpFoundation\Response
     * @Route("/",name="panel_index")
     */
    public function indexAction()
    {
        return $this->render('panel/index.html.twig');
    }

}

1 个答案:

答案 0 :(得分:0)

好的, 要点1:我发现问题永远不要尝试直接从数据库中更改用户角色,因为登录缓存或cookie或其他方式时设置了一次(我不知道确切在哪里) 更改时,您应该重新登录或添加其他用户来设置新角色。

第2点:检查您实体中的关键角色(不要添加Role [我的错误])。