php, symfony, symfony-security

Deny access to ROLE_ADMIN symfony


I work with Symfony 2.7 and FOSUserBundle 2.0.

What I want is to allow a ROLE_ADMIN user access to /admin but to deny him all other paths.

# app/security.yml

access_control:
    - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, roles: ROLE_USER }
    - { path: ^/admin, roles: ROLE_SUPER_ADMIN }

role_hierarchy:
    ROLE_USER:       ROLE_USER
    ROLE_ADMIN:      ROLE_ADMIN

I thought about `php app/console fos:user:demote admin ROLE_USER`, but ROLE_USER is the default role in FOSUserBundle, so every time the admin connects, ROLE_USER comes back in addition to ROLE_ADMIN.

How can I do this?


Solution

  • In that case, ROLE_ADMIN has no access to ROLE_MANAGER paths

    access_control:
        - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        # rules are checked in order and the first matching path wins,
        # so the ^/admin rule has to come before the catch-all ^/ rule
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/, roles: ROLE_MANAGER }

    role_hierarchy:
        ROLE_USER:
            - ROLE_USER
        ROLE_MANAGER:
            - ROLE_USER
        ROLE_ADMIN:
            - ROLE_ADMIN
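Why the order of the two rules matters, shown with a small PHP model of Symfony's access_control semantics (first matching path wins, roles expanded through role_hierarchy). This is an added example, not Symfony's or the answer's code; the rule and role arrays are constructed here and assume FOSUserBundle's default ROLE_USER is always present on every user.

```php
<?php
// Constructed model of how Symfony evaluates access_control and role_hierarchy.
// It is not Symfony's implementation; it only reproduces the two rules that
// decide this question: first matching path wins, and hierarchy is transitive.

// Expand a user's roles through the hierarchy, transitively.
function expandRoles(array $roles, array $hierarchy): array
{
    $result = $roles;
    $queue = $roles;
    while ($queue) {
        $role = array_shift($queue);
        foreach ($hierarchy[$role] ?? [] as $child) {
            if (!in_array($child, $result, true)) {
                $result[] = $child;
                $queue[] = $child;
            }
        }
    }
    return $result;
}

// Roles required by the FIRST rule whose regex matches the path, or null if none.
function matchAccessControl(string $path, array $rules): ?array
{
    foreach ($rules as $rule) {
        if (preg_match('{' . $rule['path'] . '}', $path)) {
            return (array) $rule['roles'];
        }
    }
    return null; // no matching rule: the firewall lets the request through
}

function isGranted(string $path, array $userRoles, array $rules, array $hierarchy): bool
{
    $required = matchAccessControl($path, $rules);
    if ($required === null) {
        return true;
    }
    $effective = expandRoles($userRoles, $hierarchy);
    return (bool) array_intersect($required, $effective);
}

$hierarchy = ['ROLE_MANAGER' => ['ROLE_USER']];
$admin   = ['ROLE_ADMIN', 'ROLE_USER'];   // ROLE_USER is added by FOSUserBundle
$manager = ['ROLE_MANAGER', 'ROLE_USER'];

// Catch-all first: ^/ also matches /admin, so the admin rule is never reached.
$wrongOrder = [['path' => '^/', 'roles' => 'ROLE_MANAGER'], ['path' => '^/admin', 'roles' => 'ROLE_ADMIN']];
$rightOrder = array_reverse($wrongOrder);

var_dump(isGranted('/admin', $admin, $wrongOrder, $hierarchy));     // admin denied: ^/ won
var_dump(isGranted('/admin', $admin, $rightOrder, $hierarchy));     // admin allowed
var_dump(isGranted('/profile', $admin, $rightOrder, $hierarchy));   // admin lacks ROLE_MANAGER
var_dump(isGranted('/profile', $manager, $rightOrder, $hierarchy)); // manager allowed
```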