如果用户被禁止或角色更改,我想注销他们,但是找不到Symfony 4版本的任何解决方案。
我已经在我的security.yaml中尝试过此行:
always_authenticate_before_granting: true
logout_on_user_change: true
这行我没有任何错误,但是他们什么也没做
这是我的security.yaml文件:
security:
encoders:
App\Entity\User:
algorithm: bcrypt
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
access_decision_manager:
strategy: unanimous
role_hierarchy:
ROLE_USER: ROLE_USER # user front-end
ROLE_EDITOR: ROLE_USER # rédacteur (minimum level to access back-office)
ROLE_MODERATOR: ROLE_USER # modérateur (forum et commentaire)
ROLE_ADMIN: [ROLE_USER, ROLE_MODERATOR, ROLE_EDITOR] # admin
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_MODERATOR, ROLE_EDITOR, ROLE_ADMIN] # super-admin
providers:
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: ~
user_checker: App\Security\UserChecker
guard:
authenticators:
- App\Security\LoginFormAuthenticator
remember_me:
secret: '%kernel.secret%'
lifetime: 604800 # 1 week in seconds
path: /
logout:
path: /logout
access_control:
- { path: ^/admin/, role: ROLE_MODERATOR }
- { path: ^/account/, role: ROLE_USER }