Symfony granting path access to multiple roles in security.yml

php security symfony roles access-control
nmcilree picture nmcilree · Oct 18, 2013 · Viewed 23.1k times · Source

Hi I would like to be able to allow access to a path in security.yml based on the user either having ROLE_TEACHER, or ROLE_ADMIN.

According to the question in Multiple roles required for same url in symfony 2 the entry below should allow either role access.

- { path: ^/admin, roles: ROLE_ADMIN}
- { path: ^/admin, roles: ROLE_TEACHER}

However, this will only allow the top role access. Is there a way of having multiple role access to a single path?

Answer

Udan picture Udan · Oct 18, 2013

This is the way to go and what i'm using:

- { path: ^/admin, roles: [ROLE_ADMIN, ROLE_TEACHER] }

Related questions

Symfony security return 401 response instead of redirect

I'm writing an ajax application with ajax authentication and now I started using the symfony security component in silex to handle authentication/authorization. Doing a simple test with a simple configuration, I go to a protected area by the firewall …

Read More
Log user out in Symfony 2 application when "remember me" is enabled

I'm looking for a way to log user out of Symfony 2 application, but could not find a way to do it properly. I've tried an approach described here: Symfony2: how to log user out manually in controller? $this->get(…

Read More
How can I prevent SQL injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')"); That's …

Read More