3
votes

I've got this problem.

I have configured my Sf2 env with FOSUserBundle and FacebookBundle.

I've managed to do some ADMIN-only section on the frontend (meaning a moderator thing). By default, every user created in my project has ROLE_USER only.

The "moderator" thing can only be accessed by having ROLE_ADMIN. The problem is that even if I add the role by "$user->addRole('ROLE_ADMIN')", checking if the user has this role fails. I would like to show some stuff if the user has this kind of role, but I cannot.

Neither "{% if is_granted('ROLE_ADMIN') %}" nor "$this->container->get('security.context')->isGranted('ROLE_ADMIN')" succeeded.

Every time I'm getting FALSE, or nothing when it comes to Twig.

Checking if user has ROLE_USER works.

Just to be sure I'm adding my config stuff.

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        chain_provider:
            chain:
                providers: [fos_userbundle, my_fos_facebook_provider]
        fos_userbundle:
            id: user_provider
        my_fos_facebook_provider:
            id: my.facebook.user

    firewalls:
        public:
            pattern: ^/
            form_login:
                login_path: /login
                check_path: /login_check
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                use_referer: true
            fos_facebook:
                app_url: "http://www.facebook.com/apps/application.php?id={{APPID}}"
                server_url: "http://l.local/app_dev.php/"
                login_path: /login
                check_path: /login_fb_check
                default_target_path: /
                provider: my_fos_facebook_provider
                use_referer: true
            logout:
                path:   /logout
                invalidate_session: false
            anonymous:    true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/secured/.*, role: IS_AUTHENTICATED_FULLY }
        - { path: ^/facebook/,  role: [ROLE_FACEBOOK] }
        - { path: ^/dodaj$, role: ROLE_USER }
        - { path: ^/.*, role: [IS_AUTHENTICATED_ANONYMOUSLY] }

Please, if anyone could help, cause I do not know what to do.

I'm always checking to be sure if my role("ROLE_ADMIN") is added in my database, and in fact, it is.

1
1. Did you persist ($userManager->updateUser($user)) the user object? 2. Did you do the role check in the same request as $user->addRole() or in the next one? - Crozin
Well, I did. ($user->save()) I've checked the role after saving the user. It's kinda weird.. - Deyvid.
I don't know if it is a usual thing, but even when I have NULL in the roles place in my database, when I execute $user->getRoles() I'm getting ROLE_USER. I know it could be some default ROLE, for anybody, but the problem in fact is with ROLE_ADMIN. - Deyvid.
Be sure to re-sign in to apply the role. I had never understood we need that. - Healkiss
Ok, this is a thing I truly haven't done yet. Please let me understand it correctly: when I apply some role to a user (my own role) and check that role in a controller or in Twig, I'm just checking the string, right? There is no need to do some other config stuff? - Deyvid.

1 Answer

1
votes

The role is processed at session generation (connection, login, ...). So you get it from the security context (session), directly in a Twig template or from the securityContext object elsewhere:

In twig template use is_granted('ROLE_ADMIN')

In controller (with security context) use $securityContext->isGranted('ROLE_ADMIN')

Don't forget to re-sign in after a role change.
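
The mechanism the answer describes, as an added example that is not part of the original answer or of either bundle's code: the session token carries its own copy of the roles, so a role saved to the database is invisible to is_granted() until the token is rebuilt. `RoleRefresher` is a hypothetical helper name; the code assumes the Symfony 2.x `security.context` API used in the question, FOSUserBundle's user manager, and a form-login session on the `public` firewall from the posted config.

```php
<?php
// Added example, not code from the thread. Assumes Symfony 2.x (security.context),
// FOSUserBundle, and a form-login session on the "public" firewall from the question.

use FOS\UserBundle\Model\UserInterface;
use FOS\UserBundle\Model\UserManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\SecurityContextInterface;

class RoleRefresher // hypothetical helper name
{
    private $context;
    private $userManager;
    private $firewall;

    public function __construct(SecurityContextInterface $context, UserManagerInterface $userManager, $firewall = 'public')
    {
        $this->context = $context;
        $this->userManager = $userManager;
        $this->firewall = $firewall;
    }

    /** Roles the user entity has that the session token does not carry yet. */
    public function staleRoles(UserInterface $user)
    {
        $token = $this->context->getToken();
        $inToken = array();
        foreach (null === $token ? array() : $token->getRoles() as $role) {
            $inToken[] = $role->getRole(); // token roles are Role objects, not strings
        }

        return array_values(array_diff($user->getRoles(), $inToken));
    }

    /** Persist a new role and, if $user owns the current session, rebuild its token. */
    public function grant(UserInterface $user, $role)
    {
        $user->addRole($role);
        $this->userManager->updateUser($user); // write the role to the database

        $token = $this->context->getToken();
        $current = null === $token ? null : $token->getUser();
        if ($current instanceof UserInterface && $current->getUsername() === $user->getUsername()) {
            // isGranted()/is_granted() vote on the token's roles, so replace the token.
            $this->context->setToken(
                new UsernamePasswordToken($user, null, $this->firewall, $user->getRoles())
            );
        }
    }
}
```

A non-empty `staleRoles()` result right after saving confirms the symptom in the question. Only the current session's token is rebuilt here; any other session of that user, including one whose role was removed rather than added, keeps its old roles until that user signs in again.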