role_hierarchy with Symfony2


I cannot see what's wrong from the code snippets you provided, so I made a little example application to give you step-by-step instructions which might lead you to the source of the problem.

  1. Cloned symfony-standard (master) (and removed Acme\DemoBundle)
  2. Added "friendsofsymfony/user-bundle": "dev-master" to composer.json
  3. Created new bundle Mahok\SecurityBundle (php app/console generate:bundle)
  4. Created new Entity php app/console doctrine:generate:entity
  5. Modified Entity according to FOS\UserBundle documentation (step 3; Important: Change the table name to something other than "user", as this is a reserved word and might cause trouble!)
  6. Modified app/AppKernel.php, app/config/config.yml, app/config/routing.yml and app/config/security.yml according to FOS\UserBundle documentation. For reference: This is the security.yml I use:

    jms_security_extra:
        secure_all_services: false
        expressions: true
    
    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: sha512
    
        role_hierarchy:
            ROLE_AUTHOR:      [ROLE_USER]
            ROLE_MODERATOR:   [ROLE_AUTHOR]
            ROLE_ADMIN:       [ROLE_MODERATOR]
            ROLE_SUPER_ADMIN: [ROLE_ADMIN]
    
        providers:
            fos_userbundle:
                id: fos_user.user_manager
    
        firewalls:
            dev:
                pattern:  ^/(_(profiler|wdt)|css|images|js)/
                security: false
    
            auth:
                pattern:   (^/login$|^/register|^/resetting)
                anonymous: true
    
            main:
                pattern:    ^/
                form_login:
                    provider:      fos_userbundle
                    csrf_provider: form.csrf_provider
                logout:     true
                anonymous:  true
    
        access_control:
            - { path: ^/admin, role: ROLE_ADMIN }
    
  7. Created user with `php app/console fos:user:create sa --super-admin`

  8. Modified DefaultController:default.html.twig in Mahok\SecurityBundle, checking for `{% if is_granted('ROLE_MODERATOR') %}`:

    Hello {{ name }}!
    {% if is_granted('ROLE_MODERATOR') %}
    <ul>
        {% for role in app.user.roles %}
        <li>{{ role }}</li>
        {% endfor %}
    </ul>
    {% else %}
        oh noes!
    {% endif %}
    

edit: When going to localhost/example/app_dev.php/hello/User (after logging in as "sa"), I get the following output:

Hello User!
* ROLE_SUPER_ADMIN
* ROLE_USER
Author by

Stickly

Updated on June 27, 2022
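Why the answer's output lists only ROLE_SUPER_ADMIN and ROLE_USER while the `is_granted('ROLE_MODERATOR')` check still passes, as an added example that is not part of the original answer and not Symfony's own code: a standalone PHP sketch that expands a user's stored roles through the answer's role_hierarchy. The function names `reachableRoles` and `isGranted` are hypothetical.

```php
<?php
// Added example: standalone sketch, not Symfony's RoleHierarchy class.

/**
 * Expand the roles stored on a user into every role reachable through
 * the role_hierarchy map (parent role => list of inherited roles).
 */
function reachableRoles(array $hierarchy, array $storedRoles): array
{
    $seen  = [];
    $stack = $storedRoles;
    while ($stack) {
        $role = array_pop($stack);
        if (isset($seen[$role])) {
            continue; // already expanded; also protects against cycles
        }
        $seen[$role] = true;
        foreach ($hierarchy[$role] ?? [] as $child) {
            $stack[] = $child;
        }
    }
    $roles = array_keys($seen);
    sort($roles);
    return $roles;
}

/** Hypothetical stand-in for an is_granted() role check. */
function isGranted(array $hierarchy, array $storedRoles, string $role): bool
{
    return in_array($role, reachableRoles($hierarchy, $storedRoles), true);
}

// Hierarchy copied from the answer's security.yml.
$hierarchy = [
    'ROLE_AUTHOR'      => ['ROLE_USER'],
    'ROLE_MODERATOR'   => ['ROLE_AUTHOR'],
    'ROLE_ADMIN'       => ['ROLE_MODERATOR'],
    'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN'],
];

// Roles stored on the "sa" user, as listed in the answer's output.
$stored = ['ROLE_SUPER_ADMIN', 'ROLE_USER'];

echo 'stored:    ', implode(', ', $stored), PHP_EOL;
echo 'reachable: ', implode(', ', reachableRoles($hierarchy, $stored)), PHP_EOL;
foreach (['ROLE_MODERATOR', 'ROLE_ALLOWED_TO_SWITCH'] as $role) {
    echo $role, ': ', isGranted($hierarchy, $stored, $role) ? 'granted' : 'denied', PHP_EOL;
}
```

The stored list is what a loop over `app.user.roles` prints; the reachable set is what an authorization check should be compared against when auditing who can reach a path such as `^/admin`.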

Comments

  • Stickly
    Stickly almost 2 years

    I have a big problem with my role_hierarchy,

    security:
        role_hierarchy:
            ROLE_ADMIN: [ROLE_USER,ROLE_AUTHOR,ROLE_MODERATOR]
            ROLE_SUPER_ADMIN: [ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH]
    

    With that, if I have the SUPER_ADMIN role, I will get ROLE_AUTHOR, ROLE_MODERATOR, ROLE_USER and ROLE_ADMIN. But my problem is that when I log in on my website and check the profiler, I can see I have only ROLE_SUPER_ADMIN, not the other roles. Can you help me?

    my view (base.html.twig)

    <h3>Blog</h3>
    <ul class="nav nav-pills nav-stacked">
        <li><a href="{{ path('dom_home') }}">Home Page</a></li>
        {% if is_granted('ROLE_AUTHOR') %}
            <li><a href="{{ path('dom_add') }}">Add a post</a></li>
        {% endif %}
        {% if is_granted('IS_AUTHENTICATED_FULLY') %}
            <li><a href="{{ path('fos_user_security_logout') }}">Logout</a></li>
        {% else %}
            <li><a href="{{ path('fos_user_security_login') }}">login</a></li>
            <li><a href="{{ path('fos_user_registration_register') }}">register</a></li>
        {% endif %}
    </ul>
    

    my security.yml (app/config)

    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext
            FOS\UserBundle\Model\UserInterface: sha512
    
        role_hierarchy:
            ROLE_ADMIN:       [ROLE_USER,ROLE_AUTHOR,ROLE_MODERATOR]
            ROLE_SUPER_ADMIN: [ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH]
    
        providers:
            in_memory:
                users:
                    user:  { password: userpass, roles: [ 'ROLE_USER' ] }
                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
            fos_userbundle:
                id: fos_user.user_manager
        firewalls:
            dev:
                pattern:  ^/(_(profiler|wdt)|css|images|js)/
                security: false
            login:
                pattern:   ^/(login$|register|resetting)
                anonymous: true
            main:
                pattern: ^/
                form_login:
                    provider:    fos_userbundle
                    remember_me: true
                    always_use_default_target_path: true
                    default_target_path: /dom/
                remember_me:
                    key:         %secret%
                anonymous:       false
                logout:          true 
    


    please answer :)