我的 ROLE_ADMIN 用户可以访问 backend/user URL,尽管我没有授予他这样做的权限。这是我第一次使用 FOS,所以我可能会犯下面的愚蠢错误。我阅读了文档。我应该怎样做才能避免此访问问题?
提前致谢
security.yml
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/backend, role: ROLE_ADMIN }
- { path: ^/backend/user, role: ROLE_SUPER_ADMIN }
用户
mbp:symfony$ php app/console fos:user:create user user@foobar user
Created user user
mbp:symfony$ php app/console fos:user:promote user ROLE_USER
User "user" did already have "ROLE_USER" role.
mbp:symfony$ php app/console fos:user:create admin admin@foobar admin
Created user admin
mbp:symfony$ php app/console fos:user:promote admin ROLE_ADMIN
Role "ROLE_ADMIN" has been added to user "admin".
mbp:symfony$ php app/console fos:user:create superadmin superadmin@foobar superadmin
Created user superadmin
mbp:symfony$ php app/console fos:user:promote superadmin ROLE_SUPER_ADMIN
Role "ROLE_SUPER_ADMIN" has been added to user "superadmin".
最佳答案
访问控制使用第一个匹配规则来强制访问,因此您的规则将在 - { path: ^/backend, role: ROLE_ADMIN } 处停止,这意味着永远不会达到后面的规则。
要使其按照您期望的方式工作,您应该更改规则的顺序以匹配..
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/backend/user, role: ROLE_SUPER_ADMIN }
- { path: ^/backend, role: ROLE_ADMIN }
关于php - FOS : Ungranted user is accessing to certain URL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25970097/