2015-08-21 148 views

我想保護 /admin/ 底下的網址。我照著 Symfony book 的做法設定,但沒有生效。我沒有使用 user bundle,只有 Users 實體,其中 role 欄位的值為 ROLE_ADMIN、ROLE_USER 或 ROLE_FREELANCER,並使用標準完整的 SecurityBundle。現在,如果我以具有 ROLE_FREELANCER 的開發人員身分登入,會被導向該角色對應的 action;但如果這位開發人員直接輸入網址 admin/tim/dashboard,也能進入該頁面,這是不對的。請幫忙。 這是我的 security 設定:Symfony安全路由管理

# Symfony SecurityBundle configuration as posted in the question.
# NOTE(review): the indentation of this listing appears to have been altered
# when it was posted (e.g. `encoders:` would normally nest under `security:`).
security: 
encoders: 
    # NOTE(review): SHA-1 with iterations: 1 is a fast hash, so leaked hashes
    # are cheap to brute-force. The encoder config also accepts
    # `algorithm: bcrypt`, which is designed for password storage.
    Artel\ProfileBundle\Entity\Users: 
     algorithm:  sha1 
     encode_as_base64: false 
     iterations:  1 
    Artel\ProfileBundle\Entity\Developer: 
     algorithm:  sha1 
     encode_as_base64: false 
     iterations:  1 
    # plaintext: passwords of in-memory users are compared as written, so the
    # password sits in clear text in this file.
    Symfony\Component\Security\Core\User\User: plaintext 

role_hierarchy: 
    ROLE_CLIENT: ROLE_USER 
    ROLE_COMPANY: ROLE_USER 
    ROLE_FREELANCER: ROLE_USER 
    # Maps the role to itself, which grants nothing extra; ROLE_ADMIN does not
    # inherit ROLE_USER in this hierarchy.
    ROLE_ADMIN: ROLE_ADMIN 
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_MODERATOR, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] 

providers: 
    chain_provider: 
     chain: 
      # NOTE(review): `providers` is given twice in the same mapping; only one
      # of the two lists can take effect (which one depends on the YAML
      # parser version). Keep a single list.
      providers: [user_db, user_dev, in_memory] 
      providers: [user_dev, in_memory] 
    user_db: 
     entity: { class: Artel\ProfileBundle\Entity\Users, property: email } 
    user_dev: 
     entity: { class: Artel\ProfileBundle\Entity\Developer, property: email } 
    in_memory: 
     memory: 
     users: 
      # Hard-coded ROLE_ADMIN account with a clear-text password in the config
      # file; anyone who can read this file (or the repository) can log in as
      # admin. Remove it or move the secret out of the file outside dev.
      admin_tyty: { password: adminpass_tyty, roles: [ 'ROLE_ADMIN' ] } 


firewalls: 
    # No `pattern` is set, so this firewall covers every request. Anonymous
    # access is enabled; authorization is left entirely to access_control.
    default: 
     anonymous: ~ 
     http_basic: ~ 
     form_login: 
      login_path: /login 
      check_path: /login_check 
     logout: 
       path: /logout 
       # NOTE(review): with invalidate_session: false the session is kept after
       # logout, so data stored in it survives - confirm this is intended.
       invalidate_session: false 

# Rules are checked top to bottom and only the FIRST matching rule is applied.
access_control: 
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } 
    # `^/` matches every URL, including /admin/..., so every request stops here
    # and is allowed for any visitor.
    - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY } 
    # Never reached because of the catch-all above; this is why a
    # ROLE_FREELANCER user can open admin/tim/dashboard. The pattern is also
    # not anchored with `^`, so it would match "/admin/" anywhere in the path.
    - { path: /admin/(.*), roles: ROLE_ADMIN } 

以及我的 action(控制器):

class SecurityController extends Controller 
{ 
    /**
     * Renders the login form together with the last authentication error and
     * the last username that was submitted.
     *
     * NOTE(review): container parameters such as db_url, api_url and mauth_url
     * are handed to the login template, which the access_control rules leave
     * open to anonymous visitors. Confirm the template does not print any
     * value that should stay server-side.
     *
     * @param Request $request Current request (not read by this action).
     *
     * @return mixed Whatever $this->render() returns for the login template.
     */
    public function loginAction(Request $request)
    {
        $authUtils = $this->get('security.authentication_utils');

        // Error from the previous login attempt, if there was one.
        $loginError = $authUtils->getLastAuthenticationError();

        // Username typed in on the previous attempt, used to pre-fill the form.
        $previousUsername = $authUtils->getLastUsername();

        // Template variables are assembled in the same key order as before.
        $templateVars = array('last_username' => $previousUsername);

        foreach (array('home_page', 'phone_in_header') as $parameterName) {
            $templateVars[$parameterName] = $this->container->getParameter($parameterName);
        }

        $templateVars['error'] = $loginError;

        foreach (array('db_url', 'api_url', 'mauth_url', 'gaID', 'ymID') as $parameterName) {
            $templateVars[$parameterName] = $this->container->getParameter($parameterName);
        }

        return $this->render('ArtelProfileBundle:Security:login.html.twig', $templateVars);
    }

/**
 * Placeholder action with an empty body.
 *
 * NOTE(review): presumably this is the route target for the firewall's
 * form_login check_path (/login_check), where the firewall handles the
 * submitted credentials itself - confirm against the routing configuration.
 */
public function securityCheckAction() 
{ 
    // Route
} 

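/**
 * Sends a fully authenticated user to the landing page of their first role.
 *
 * Users who are not fully authenticated are redirected to the login route.
 * Otherwise the first entry of getRoles() selects the target: the freelancer
 * or company profile page, the admin dashboard, or the default index page.
 *
 * These redirects are navigation only. They do not stop a user from typing a
 * URL such as admin/tim/dashboard directly; that has to be enforced by the
 * firewall's access_control rules (or an isGranted() check in the admin
 * controllers).
 *
 * @return \Symfony\Component\HttpFoundation\Response
 */
public function indexAction()
{
    $securityContext = $this->container->get('security.context');

    if (!$securityContext->isGranted('IS_AUTHENTICATED_FULLY')) {
        return $this->redirect($this->generateUrl('login_route'));
    }

    $user = $this->getUser();
    $roles = $user->getRoles();

    // A user without any role previously triggered an undefined-offset
    // notice on $role[0]; such a user now falls through to the index page.
    $primaryRole = isset($roles[0]) ? $roles[0] : null;

    // Strict comparison: a non-string first entry (e.g. integer 0) must not
    // loosely match a role name.
    if ($primaryRole === 'ROLE_FREELANCER') {
        return $this->redirect(
            $this->generateUrl('artel_profile_homepage', array('username' => $user->getUsername()))
        );
    }

    if ($primaryRole === 'ROLE_COMPANY') {
        return $this->redirect(
            $this->generateUrl('artel_user_profile_homepage', array('username' => $user->getUsername()))
        );
    }

    if ($primaryRole === 'ROLE_ADMIN') {
        return $this->redirect($this->generateUrl('admin_tim_dashboard'));
    }

    // Any other role (or none) gets the default page; the brace-less
    // dangling `else` of the original is written out as a plain fall-through.
    return $this->render('default/index.html.twig');
}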

`- { path: ^/admin/, role: ROLE_ADMIN }` 往上移一行。 – malcolm

回答


你的 access_control 設定允許了這種存取:Symfony 只會套用第一條符合的規則,而 `^/` 符合所有路徑,所以排在它後面的 /admin 規則永遠不會被用到。請更改規則的順序:

# Only the first matching rule is applied, so specific paths must come before
# the catch-all.
access_control: 
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } 
    # Anchored with `^` and placed before `^/`, so /admin/... now requires
    # ROLE_ADMIN.
    - { path: ^/admin/, role: ROLE_ADMIN } 
    # Catch-all for every remaining URL; must stay last.
    - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY } 

你也是偉人 –