I have 3 roles in my project:

admin=> /admin
customer=> /customer
therapist=> /therapist

I configured the security firewalls and they work correctly. But I need to know whether a customer user or a therapist user is logged in from outside of the secured area. Is there any way to configure the firewall to access a shared secured area? If I change the pattern of customer and therapist to /, the customer firewall won't work. This is my security.yml:

security:
    encoders:
        Utab\AdminBundle\Entity\User:
            algorithm: bcrypt
        Arg\TherapistBundle\Entity\User:
            algorithm: bcrypt
        Shop\CustomerBundle\Entity\User:
            algorithm: bcrypt
    providers:
        admin_provider:
            entity:
                class: 'UtabAdminBundle:User'
        therapist_provider:
            entity:
                class: 'ArgTherapistBundle:User'
        shop_customer_provider:
            entity:
                class: 'ShopCustomerBundle:User'
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        admin_firewall:
            pattern: /admin/.*
            simple_form:
                provider: admin_provider
                check_path: admin_login_check
                login_path: admin_login
                failure_path: admin_login
                default_target_path: admin_profile
                authenticator: google_recaptcha_authenticator
                failure_forward: true
            logout:
                path: admin_logout
                target: admin_login
            anonymous: true

        therapist_firewall:
            pattern: /therapist/.*
            simple_form:
                provider: therapist_provider
                check_path: therapist_login_check
                login_path: therapist_login
                failure_path: therapist_login
                default_target_path: therapist_profile
                authenticator: google_recaptcha_authenticator
            logout:
                path: therapist_logout
                target: /
            anonymous: true
        shop_customer_firewall:
            pattern: /customer/.*
            simple_form:
                provider: shop_customer_provider
                check_path: shop_customer_login_check
                login_path: shop_customer_login
                failure_path: shop_customer_login
                default_target_path: shop_customer_profile
                authenticator: google_recaptcha_authenticator
            logout:
                path: shop_customer_logout
                target: shop_customer_login
            anonymous: true

    access_control:
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/therapist/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/therapist/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/therapist/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/therapist/, role: ROLE_THERAPIST }
        - { path: ^/customer/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/customer/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/customer/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/customer/, role: ROLE_SHOP_CUSTOMER }

1 Answer

You can only access the currently logged-in user (and his roles) within the current firewall. If no firewall is defined for the current URL, you cannot access the data.

However, there is a solution. Make one large firewall with the three current firewalls combined. Then, use Access Control to restrict access to sub-URLs. You should definitely think about the different User entities you are using now.

Example:

# app/config/security.yml
security:
    # ...
    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/customer, roles: ROLE_CUSTOMER }
        - { path: ^/therapist, roles: ROLE_THERAPIST }

Also read the documentation.
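The single-firewall layout the answer describes, written out as a complete security.yml. This is an added example, not the asker's or the answerer's configuration. It keeps the three encoders and entity providers from the question and joins them with a chain provider; the route names `login`, `login_check` and `logout` are placeholders, and a single login form at /login is assumed, because one firewall carries only one form-login listener, so the three separate login_check routes collapse into one.

```yaml
# app/config/security.yml  (added example, not the page's own config)
security:
    encoders:
        Utab\AdminBundle\Entity\User:
            algorithm: bcrypt
        Arg\TherapistBundle\Entity\User:
            algorithm: bcrypt
        Shop\CustomerBundle\Entity\User:
            algorithm: bcrypt

    providers:
        admin_provider:
            entity:
                class: 'UtabAdminBundle:User'
        therapist_provider:
            entity:
                class: 'ArgTherapistBundle:User'
        shop_customer_provider:
            entity:
                class: 'ShopCustomerBundle:User'
        # Chain provider: each entity provider is tried in order until one
        # returns the username. Usernames must therefore be unique across all
        # three tables; if an admin and a customer share a username, the first
        # provider in the list wins and the other account can never log in.
        all_users:
            chain:
                providers: [admin_provider, therapist_provider, shop_customer_provider]

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        # One firewall for the whole site. Anchoring the pattern with ^/
        # means every request, shared pages included, passes through it,
        # so app.user and is_granted() are available everywhere.
        main:
            pattern: ^/
            anonymous: true
            simple_form:
                provider: all_users
                check_path: login_check      # placeholder route name
                login_path: login            # placeholder route name
                failure_path: login
                authenticator: google_recaptcha_authenticator
            logout:
                path: logout                 # placeholder route name
                target: /

    # Authorization now happens per URL prefix instead of per firewall.
    # Order matters: the first matching rule wins, so the anonymous rules
    # must come before the role-restricted prefixes.
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/(therapist|customer)/(register|resetting), role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/therapist/, role: ROLE_THERAPIST }
        - { path: ^/customer/, role: ROLE_SHOP_CUSTOMER }
```

Two consequences of merging the firewalls are worth checking before adopting this: the per-firewall `default_target_path` values from the question disappear, so sending admins, therapists and customers to different landing pages after login needs a custom authentication success handler that switches on the user's role; and all three user types now share one security context, so the access_control rules are the only thing keeping a ROLE_SHOP_CUSTOMER session out of /therapist and /admin, which is why the role-restricted prefixes must not be left out.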