I've got this problem.
I have configured my Sf2 env with FOSUserBundle and FacebookBundle.
I've managed to do some ADMIN-only section on the frontend (meaning a moderator thing). By default, every user created in my project has ROLE_USER only.
The "moderator" thing can only be accessed by having ROLE_ADMIN. The problem is that even if I add the role with "$user->addRole('ROLE_ADMIN')", checking whether the user has this role fails.
I would like to show some stuff if the user has this kind of role, but I cannot.
Neither "{% if is_granted('ROLE_ADMIN') %}" nor "$this->container->get('security.context')->isGranted('ROLE_ADMIN')" succeeded.
Every time I'm getting FALSE, or nothing when it comes to Twig.
Checking if the user has ROLE_USER works.
Just to be sure I'm adding my config stuff.
    security:
        encoders:
            FOS\UserBundle\Model\UserInterface: sha512
            Symfony\Component\Security\Core\User\User: plaintext
        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: ROLE_ADMIN
        providers:
            chain_provider:
                chain:
                    providers: [fos_userbundle, my_fos_facebook_provider]
            fos_userbundle:
                id: user_provider
            my_fos_facebook_provider:
                id: my.facebook.user
        firewalls:
            public:
                pattern: ^/
                form_login:
                    login_path: /login
                    check_path: /login_check
                    provider: fos_userbundle
                    csrf_provider: form.csrf_provider
                    use_referer: true
                fos_facebook:
                    app_url: "http://www.facebook.com/apps/application.php?id={{APPID}}"
                    server_url: "http://l.local/app_dev.php/"
                    login_path: /login
                    check_path: /login_fb_check
                    default_target_path: /
                    provider: my_fos_facebook_provider
                    use_referer: true
                logout:
                    path: /logout
                    invalidate_session: false
                anonymous: true
        access_control:
            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: ^/admin/, role: ROLE_ADMIN }
            - { path: ^/secured/.*, role: IS_AUTHENTICATED_FULLY }
            - { path: ^/facebook/, role: [ROLE_FACEBOOK] }
            - { path: ^/dodaj$, role: ROLE_USER }
            - { path: ^/.*, role: [IS_AUTHENTICATED_ANONYMOUSLY] }
Please, if anyone could help, cause I do not know what to do.
I'm always checking to be sure if my role("ROLE_ADMIN") is added in my database, and in fact, it is.
The role is processed at session generation (connection, login, ...). So you get it from the security context (session), directly in a Twig template or from the securityContext object elsewhere:
In a Twig template use is_granted('ROLE_ADMIN')
In a controller (with security context) use $securityContext->isGranted('ROLE_ADMIN')
Don't forget to sign in again after a role change.
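An added example, not part of the original thread: because the roles checked by `is_granted` are the ones copied into the token at login, the alternative to logging in again is to rebuild the current session's token from the stored user. It assumes Symfony 2.x with FOSUserBundle, a form-login session and the `public` firewall name from the question's config; the `TokenRefresher` class and its namespace are hypothetical.

```php
<?php
// Added example (hypothetical class and namespace), assuming Symfony 2.x
// and FOSUserBundle; 'public' is the firewall name from the question.
namespace Acme\DemoBundle\Security;

use FOS\UserBundle\Model\UserManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\SecurityContextInterface;

class TokenRefresher
{
    private $context;
    private $userManager;
    private $firewall;

    public function __construct(SecurityContextInterface $context, UserManagerInterface $userManager, $firewall = 'public')
    {
        $this->context = $context;
        $this->userManager = $userManager;
        $this->firewall = $firewall;
    }

    /**
     * Rebuilds the current token with the roles now stored for the user.
     * Returns true when the token was replaced.
     */
    public function refresh()
    {
        $token = $this->context->getToken();
        // Leave anonymous tokens and other token types (e.g. a Facebook
        // login) untouched; those sessions pick up new roles at next login.
        if (!$token instanceof UsernamePasswordToken || !is_object($token->getUser())) {
            return false;
        }
        // Reload from storage so the role list is the persisted one.
        $user = $this->userManager->findUserByUsername($token->getUser()->getUsername());
        if (null === $user) {
            $this->context->setToken(null); // account no longer exists
            return false;
        }
        // The fourth constructor argument is the role list isGranted() checks.
        $fresh = new UsernamePasswordToken($user, null, $this->firewall, $user->getRoles());
        $this->context->setToken($fresh);

        return true;
    }
}
```

This only updates the session of the request it runs in. When a role is added to or removed from another user's account, that user's existing sessions keep the roles they had at login until they sign in again.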