
My access_control inside the security.yml doesn't work. I already cleared the cache without any result :)

As I read the documentation, I couldn't find anything wrong.... Normally, only ROLE_ADMIN should have access to the path /user/. The role is correct, I tested it with

{% if is_granted('ROLE_ADMIN') %}   

inside Twig.

    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: pbkdf2

        role_hierarchy:
            ROLE_CUSTOMER_REVISION: ROLE_USER
            ROLE_CUSTOMER_MANAGER:  [ROLE_CUSTOMER_REVISION, ROLE_IOS]
            ROLE_CUSTOMER_ADMIN:    ROLE_CUSTOMER_MANAGER
            ROLE_ADMIN:             [ROLE_CUSTOMER_ADMIN]

        access_control:
            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/, role: ROLE_USER }
            - { path: ^/admin/, role: ROLE_ADMIN }
            - { path: ^/user/, role: ROLE_ADMIN }

        providers:
            fos_userbundle:
                id: fos_user.user_provider.username

        firewalls:
            dev:
                pattern:  ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                pattern: ^/
                form_login:
                    provider: fos_userbundle
                    csrf_provider: form.csrf_provider
                    default_target_path: /{locale}/
                logout:       true
                anonymous:    true

Am I doing something wrong which I don't see?

1 Answer


You have to sort access_control clauses from the most specific to the most general:

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_ADMIN }
    - { path: ^/user/, role: ROLE_ADMIN }
    - { path: ^/, role: ROLE_USER }

This is because the route /admin is matched by the ^/ pattern too, so the restrictive pattern ^/admin/ must be placed before it.
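To see why the order matters, here is an added Python model of Symfony's first-match access_control evaluation (not Symfony's own code; it assumes the role_hierarchy and both rule orders from this thread, and simplifies anonymous access to "always allowed"):

```python
import re

# role_hierarchy from the question: a role grants every role listed for it
ROLE_HIERARCHY = {
    "ROLE_CUSTOMER_REVISION": ["ROLE_USER"],
    "ROLE_CUSTOMER_MANAGER": ["ROLE_CUSTOMER_REVISION", "ROLE_IOS"],
    "ROLE_CUSTOMER_ADMIN": ["ROLE_CUSTOMER_MANAGER"],
    "ROLE_ADMIN": ["ROLE_CUSTOMER_ADMIN"],
}

# The question's ordering: the catch-all ^/ sits before the admin rules.
ORIGINAL_RULES = [
    (r"^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/register", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/", "ROLE_USER"),
    (r"^/admin/", "ROLE_ADMIN"),
    (r"^/user/", "ROLE_ADMIN"),
]

# The answer's ordering: specific paths first, catch-all last.
FIXED_RULES = [
    (r"^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/register", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/admin/", "ROLE_ADMIN"),
    (r"^/user/", "ROLE_ADMIN"),
    (r"^/", "ROLE_USER"),
]


def reachable_roles(granted):
    """Expand the user's roles through ROLE_HIERARCHY (transitive closure)."""
    seen, stack = set(), list(granted)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(ROLE_HIERARCHY.get(role, []))
    return seen


def required_role(rules, path):
    """Role demanded by the FIRST rule whose regex matches; later rules are never consulted."""
    for pattern, role in rules:
        if re.search(pattern, path):
            return role
    return None  # no matching rule: access_control imposes no restriction


def is_allowed(rules, path, user_roles):
    """True if the first matching rule is satisfied by the user's (expanded) roles."""
    required = required_role(rules, path)
    if required is None or required == "IS_AUTHENTICATED_ANONYMOUSLY":
        return True
    return required in reachable_roles(user_roles)
```

With the original order a plain ROLE_USER account reaches /user/ because ^/ wins the match; with the fixed order the same request is refused and ROLE_ADMIN still reaches / through the hierarchy.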