Symfony user Role inheritance

2
votes

I am currently working on a system using symfony (with FOSUserBundle), and i have multiple roles within the role_hierarchy, which i would like to utilize inheritance.

I have the role_hierarchy of:

role_hierarchy:
    ROLE_MEMBER:     ROLE_USER
    ROLE_MONITOR:    ROLE_MEMBER
    ROLE_SUPERVISOR:  ROLE_MONITOR
    ROLE_MANAGER:     ROLE_SUPERVISOR
    ROLE_ADMIN:       ROLE_MEMBER
    ROLE_SUPER_ADMIN: [ROLE_MANAGER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

If the user i am logged in as has ROLE_SUPERVISOR and i call:

$this->get('security.context')->isGranted('ROLE_MONITOR')

I would expect this to return true, but it currently returns false.

Without adding every role to each user, is it possible to inherit roles so that if i called isGranted, it would check all other "related roles" within the hierarchy? and if so, how?

1
symfonyinheritancefosuserbundleroles
do any roles currently work? With the SUPERVISOR user, does $this->get('security.context')->isGranted('ROLE_SUPERVISOR') return true? If not, it's not a problem with the hierarchy, rather how you configured each user's roles. - Sehael

1 Answers

2
votes

You need to put [] around your roles. This works as expected for me:

role_hierarchy:
    ROLE_USER:           []
    ROLE_STAFF:          [ROLE_USER]

    ROLE_SCORE_ENTRY:    [ROLE_USER, ROLE_STAFF]
    ROLE_SCORE_ADMIN:    [ROLE_USER, ROLE_STAFF, ROLE_SCORE_ENTRY]

    ROLE_ASSIGNOR:       [ROLE_STAFF]
    ROLE_ASSIGNOR_KAC:   [ROLE_ASSIGNOR]
    ROLE_ASSIGNOR_CORE:  [ROLE_ASSIGNOR]
    ROLE_ASSIGNOR_EXTRA: [ROLE_ASSIGNOR]

    ROLE_ASSIGNOR_ADMIN: 
      - ROLE_ASSIGNOR
      - ROLE_ASSIGNOR_KAC
      - ROLE_ASSIGNOR_CORE
      - ROLE_ASSIGNOR_EXTRA

    ROLE_DEVELOPER: [ROLE_USER]

    ROLE_ADMIN:       
      - ROLE_STAFF
      - ROLE_ASSIGNOR_ADMIN 
      - ROLE_SCORE_ADMIN
      - ROLE_ALLOWED_TO_SWITCH

    ROLE_SUPER_ADMIN: 
      - ROLE_ADMIN
      - ROLE_DEVELOPER
      - ROLE_ALLOWED_TO_SWITCH