Strange problem.
When I try to access an API endpoint, I get a 403 error even though the user role is correct.
Here is the annotation for my route (I am using FOSRestBundle):
/**
 * @Rest\Get("home/{id}/versions", requirements={"id"="\d+"})
 * @Security("has_role('ROLE_ADMIN_HOME_VIEW')")
 * @Rest\View()
 */
The Symfony Profiler tells me that the route is matched correctly and that I have the requested role (it appears in the list of inherited roles), but an AccessDeniedHttpException is thrown anyway.
Obviously, if I remove the @Security line from the annotation, everything works fine.
But the most frustrating part is that in the same controller I have another similar route with the same security requirement. Here is its annotation:
/**
 * @Rest\Get("/home/{locale}/{version}", requirements={"version"="\d+", "locale"="[a-z]{2}"}, defaults={"version" = null})
 * @Security("has_role('ROLE_ADMIN_HOME_VIEW')")
 * @Rest\View()
 */
Answer 0: (score: 0)
The problem was the syntax of my role_hierarchy list.
Here is the wrong one:
role_hierarchy:
    ROLE_ADMIN: ROLE_USER
    ROLE_SUPER_ADMIN:
        ROLE_ADMIN
        ROLE_ADMIN_SPEAKER_VIEW
        ROLE_ADMIN_SPEAKER_CREATE
        ROLE_ADMIN_SPEAKER_EDIT
        ROLE_ADMIN_SPEAKER_DELETE
        ROLE_ADMIN_PAGE_VIEW
        ROLE_ADMIN_PAGE_CREATE
        ROLE_ADMIN_PAGE_EDIT
        ROLE_ADMIN_PAGE_DELETE
        ROLE_ADMIN_NEWS_VIEW
        ROLE_ADMIN_NEWS_CREATE
        ROLE_ADMIN_NEWS_EDIT
        ROLE_ADMIN_NEWS_DELETE
        ROLE_ADMIN_USER_VIEW
        ROLE_ADMIN_USER_CREATE
        ROLE_ADMIN_USER_EDIT
        ROLE_ADMIN_USER_DELETE
        ROLE_ADMIN_CONTENT_VIEW
        ROLE_ADMIN_CONTENT_CREATE
        ROLE_ADMIN_CONTENT_EDIT
        ROLE_ADMIN_CONTENT_DELETE
        ROLE_ADMIN_HOME_VIEW
        ROLE_ADMIN_HOME_CREATE
        ROLE_ADMIN_HOME_EDIT
        ROLE_ADMIN_HOME_DELETE
    ROLE_GOD: ROLE_SUPER_ADMIN
Here is the correct one:
role_hierarchy:
    ROLE_ADMIN: ROLE_USER
    ROLE_SUPER_ADMIN:
        - ROLE_ADMIN
        - ROLE_ADMIN_SPEAKER_VIEW
        - ROLE_ADMIN_SPEAKER_CREATE
        - ROLE_ADMIN_SPEAKER_EDIT
        - ROLE_ADMIN_SPEAKER_DELETE
        - ROLE_ADMIN_PAGE_VIEW
        - ROLE_ADMIN_PAGE_CREATE
        - ROLE_ADMIN_PAGE_EDIT
        - ROLE_ADMIN_PAGE_DELETE
        - ROLE_ADMIN_NEWS_VIEW
        - ROLE_ADMIN_NEWS_CREATE
        - ROLE_ADMIN_NEWS_EDIT
        - ROLE_ADMIN_NEWS_DELETE
        - ROLE_ADMIN_USER_VIEW
        - ROLE_ADMIN_USER_CREATE
        - ROLE_ADMIN_USER_EDIT
        - ROLE_ADMIN_USER_DELETE
        - ROLE_ADMIN_CONTENT_VIEW
        - ROLE_ADMIN_CONTENT_CREATE
        - ROLE_ADMIN_CONTENT_EDIT
        - ROLE_ADMIN_CONTENT_DELETE
        - ROLE_ADMIN_HOME_VIEW
        - ROLE_ADMIN_HOME_CREATE
        - ROLE_ADMIN_HOME_EDIT
        - ROLE_ADMIN_HOME_DELETE
    ROLE_GOD: ROLE_SUPER_ADMIN
The bad part is that no error is thrown.
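Added example (not code from the question, the answer, or Symfony itself): a small Python check showing why the wrong block denies access silently and how a config lint would catch it. The two dict literals are constructed here, shortened to a few roles, as what a YAML parser yields for each block: without `- ` markers the indented lines fold into one plain scalar, so ROLE_SUPER_ADMIN inherits a single bogus role name; `reachable_roles` is a simplified reimplementation of Symfony's transitive RoleHierarchy expansion, not the framework's code.

```python
import re
from typing import Dict, List, Set, Union

Hierarchy = Dict[str, Union[str, List[str]]]
ROLE_RE = re.compile(r"ROLE_[A-Z0-9_]+")  # exactly one role name, no whitespace

# Constructed: what a YAML parser yields for the BROKEN block above. Without "- "
# markers the indented lines fold into ONE plain scalar, not a list (shortened).
BROKEN_HIERARCHY: Hierarchy = {
    "ROLE_ADMIN": "ROLE_USER",
    "ROLE_SUPER_ADMIN": "ROLE_ADMIN ROLE_ADMIN_SPEAKER_VIEW ROLE_ADMIN_HOME_VIEW",
    "ROLE_GOD": "ROLE_SUPER_ADMIN",
}
# Constructed: what the CORRECTED block (with "- " items) yields, shortened.
FIXED_HIERARCHY: Hierarchy = {
    "ROLE_ADMIN": "ROLE_USER",
    "ROLE_SUPER_ADMIN": ["ROLE_ADMIN", "ROLE_ADMIN_SPEAKER_VIEW", "ROLE_ADMIN_HOME_VIEW"],
    "ROLE_GOD": "ROLE_SUPER_ADMIN",
}


def _children(hierarchy: Hierarchy, role: str) -> List[str]:
    """A scalar value is one child role; a list value is several."""
    value = hierarchy.get(role, [])
    return [value] if isinstance(value, str) else list(value)


def reachable_roles(hierarchy: Hierarchy, roles: List[str]) -> Set[str]:
    """Transitive expansion of the given roles (simplified RoleHierarchy)."""
    reachable: Set[str] = set(roles)
    stack = list(roles)
    while stack:
        for child in _children(hierarchy, stack.pop()):
            if child not in reachable:
                reachable.add(child)
                stack.append(child)
    return reachable


def lint_hierarchy(hierarchy: Hierarchy) -> List[str]:
    """Flag inherited values that are not a single role name (folded lists)."""
    findings = []
    for parent in hierarchy:
        for child in _children(hierarchy, parent):
            if not ROLE_RE.fullmatch(child):
                findings.append(f"{parent}: {child!r} is not a role name; missing '- ' markers?")
    return findings


if __name__ == "__main__":
    for name, h in (("broken", BROKEN_HIERARCHY), ("fixed", FIXED_HIERARCHY)):
        granted = "ROLE_ADMIN_HOME_VIEW" in reachable_roles(h, ["ROLE_GOD"])
        print(f"{name}: ROLE_GOD has ROLE_ADMIN_HOME_VIEW = {granted}; {lint_hierarchy(h)}")
```

Running `lint_hierarchy` on the parsed `role_hierarchy` in a test or CI step turns this silent 403 into a failing check.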