Prevent access of users in symfony 2
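My website has 3 user roles.
1. ROLE_ADMIN
2. ROLE_STUDENT
3. ROLE_PARENT
For the last few days I have been facing an issue: I can go to the ROLE_PARENT pages when I am logged in as ROLE_STUDENT. This happens only between ROLE_STUDENT and ROLE_PARENT, not for ROLE_ADMIN.
Here is my security.yml.
Please tell me where I am going wrong.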
    security:
        encoders:
            Bundle\AdminBundle\Entity\KidsKulaUsers:
                algorithm: sha512
        role_hierarchy:
            # ROLE_EMPLOYEE: [ROLE_ADVOCATES]
            # ROLE_RECRUITERS: [ROLE_EMPLOYER]
            ROLE_SUPER_ADMIN: [ROLE_ADMIN,ROLE_PARENT,ROLE_STUDENT]
        providers:
            fos_userbundle:
                id: fos_user.user_provider.username_email
        firewalls:
            main:
                pattern: ^/
                anonymous: ~
                form_login:
                    login_path: /student/login
                    provider: fos_userbundle
                    csrf_provider: form.csrf_provider
                    check_path: fos_user_security_check
                    use_forward: false
                logout:
                    path: /logout
                    target: /student/login
                    #success_handler: security.logout.success_handler
                remember_me:
                    key: "%secret%"
                    lifetime: 31536000 # 365 days in seconds
                    path: /
                    domain: ~ # Defaults to the current domain from $_SERVER
        access_control:
            - { path: /admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: /student, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: /student/find-friends, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: /student/search_friends, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: /student/contact, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: /student/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: /student/forgotpassword, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: /reset-password, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: /student/registration, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: /student/auth_registration/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: /student_activation , roles: IS_AUTHENTICATED_ANONYMOUSLY}
            - { path: /parent, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin, roles: ROLE_ADMIN }
            - { path: ^/student, roles: ROLE_STUDENT }
            - { path: ^/parent, roles: ROLE_PARENT }
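Look at your access_control section:

    ....
    - { path: /parent, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin, roles: ROLE_ADMIN }
    - { path: ^/student, roles: ROLE_STUDENT }
    - { path: ^/parent, roles: ROLE_PARENT }

When a student navigates to /parent, Symfony starts checking these rules. As soon as a pattern matches, it checks the roles and exits.
Obviously, your /parent route is not protected at all, so any user (including students) can access it.
Remove the first rule and things should start working as expected.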
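
The first-match behaviour described in the answer, modelled in Python as an added example (not code from the question, the answer, or Symfony itself). It assumes path-only rules matched with an unanchored regex search, treats IS_AUTHENTICATED_ANONYMOUSLY as granted to everyone, and ignores role_hierarchy; the request paths are constructed samples and the helper names are hypothetical.

```python
import re

ANON = "IS_AUTHENTICATED_ANONYMOUSLY"

# access_control rules from the question's security.yml, in their original order.
RULES = [
    ("/admin/login", ANON),
    ("/student", ANON),
    ("/student/find-friends", ANON),
    ("/student/search_friends", ANON),
    ("/student/contact", ANON),
    ("/student/login", ANON),
    ("/student/forgotpassword", ANON),
    ("/reset-password", ANON),
    ("/student/registration", ANON),
    ("/student/auth_registration/", ANON),
    ("/student_activation", ANON),
    ("/parent", ANON),
    ("^/admin", "ROLE_ADMIN"),
    ("^/student", "ROLE_STUDENT"),
    ("^/parent", "ROLE_PARENT"),
]

def first_match(path, rules=RULES):
    """Return (index, pattern, role) of the first rule matching path, or None."""
    for index, (pattern, role) in enumerate(rules):
        if re.search(pattern, path):  # assumption: unanchored regex search
            return index, pattern, role
    return None

def is_granted(path, user_roles, rules=RULES):
    """Simplified model: only the first matching rule decides."""
    hit = first_match(path, rules)
    if hit is None:
        return True  # no rule matched, so access_control imposes nothing
    return hit[2] == ANON or hit[2] in user_roles

def without_rule(pattern, rules=RULES):
    """Copy of the rule list with one pattern removed (the answer's fix)."""
    return [rule for rule in rules if rule[0] != pattern]

if __name__ == "__main__":
    student = {"ROLE_STUDENT"}
    fixed = without_rule("/parent")
    # Constructed sample paths, not routes taken from the page.
    for path in ("/parent/dashboard", "/student/profile", "/admin/users"):
        before = is_granted(path, student)
        after = is_granted(path, student, fixed)
        print(path, "hits", first_match(path)[1], "| student:", before, "->", after)
```

In this model /student/profile hits the unanchored /student rule before ^/student is reached, so the same ordering check is worth running against the remaining anonymous rules.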