I'm pretty new to Symfony although I've managed to set up a working site, with role based authentication and firewalls I'm really struggling working out how to build a system that allows users to login and have access to a page that only they and admin has access to.
What I really want is a dynamic security role which enables the user in the current session access to their own private page and blocks everyone else...
Here's my actual config:
security:
encoders: #define the encoders used to encode passwords
Symfony\Component\Security\Core\User\User: plaintext
IntuitByDesign\UserBundle\Entity\User: bcrypt
role_hierarchy:
ROLE_ADMIN: [ROLE_USER]
providers:
chain_provider:
chain:
providers: [in_memory, user_db]
in_memory:
memory:
users:
admin: { password: adminpass, roles: ROLE_ADMIN }
user_db:
entity: {class: IntuitByDesignUserBundle:User, property: username }
firewalls:
main:
logout: true
pattern: /.*
form_login:
login_path: login
check_path: login
default_target_path: /user
logout:
path: /logout
target: /
security: true
anonymous: true
access_control:
- { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /logout, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /user, roles: ROLE_ADMIN }
- { path: /user-page/, roles: ROLE_USER}
- { path: /.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }
Any hints on how to do this?
Update: After login I would like to redirect page that only the specific logged in user can see.
I thought a way that this might be achieved could be with matching the session username with the user path?
