Symfony2 FosUserBundle Roles ROLE_ADMIN

Deyvid. · Apr 21, 2014 · Viewed 8.4k times

I've got this problem.

I have configured my Sf2 env with FOSUserBundle and FacebookBundle.

I've managed to do an ADMIN-only section on the frontend (meaning a moderator thing). By default, every user created in my project has ROLE_USER only.

The "moderator" thing can only be accessed by having ROLE_ADMIN. The problem is that even if I add the role with "$user->addRole('ROLE_ADMIN')", checking whether the user has this role fails. I would like to show some stuff if the user has this kind of role, but I cannot.

Neither "{% if is_granted('ROLE_ADMIN') %}" nor "$this->container->get('security.context')->isGranted('ROLE_ADMIN')" succeeded.

Every time I'm getting FALSE, or nothing when it comes to Twig.

Checking if user has ROLE_USER works.

Just to be sure I'm adding my config stuff.

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    providers:
        chain_provider:
            chain:
                providers: [fos_userbundle, my_fos_facebook_provider]
        fos_userbundle:
            id: user_provider
        my_fos_facebook_provider:
            id: my.facebook.user

    firewalls:
        public:
            pattern: ^/
            form_login:
                login_path: /login
                check_path: /login_check
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
                use_referer: true
            fos_facebook:
                app_url: "http://www.facebook.com/apps/application.php?id={{APPID}}"
                server_url: "http://l.local/app_dev.php/"
                login_path: /login
                check_path: /login_fb_check
                default_target_path: /
                provider: my_fos_facebook_provider
                use_referer: true
            logout:
                path:   /logout
                invalidate_session: false
            anonymous:    true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        - { path: ^/secured/.*, role: IS_AUTHENTICATED_FULLY }
        - { path: ^/facebook/,  role: [ROLE_FACEBOOK] }
        - { path: ^/dodaj$, role: ROLE_USER }
        - { path: ^/.*, role: [IS_AUTHENTICATED_ANONYMOUSLY] }

Please, if anyone could help, because I do not know what to do.

I'm always checking to be sure that my role ("ROLE_ADMIN") is added in my database, and in fact, it is.

Answer

Healkiss · Apr 22, 2014

The role is processed at session generation (connection, login ...). So you get it from the security context (session), directly in a Twig template or from the securityContext object elsewhere:

In a Twig template, use is_granted('ROLE_ADMIN')

In a controller (with the security context), use $securityContext->isGranted('ROLE_ADMIN')

Don't forget to sign in again after a role change.
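The answer's point, that is_granted() reads the roles captured in the session token at login rather than the roles in the database, shown as an added example that is not part of the original question or answer. It assumes Symfony 2.x and a user who signed in through form_login; refreshTokenRoles is a hypothetical helper name.

```php
<?php
// Added example, not code from the original post.
// Assumes Symfony 2.x, where isGranted() votes on the token's roles.

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\SecurityContextInterface;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * Hypothetical helper: replaces the current session token when the roles
 * stored on the user no longer match the roles captured at login.
 * Returns true when the token was rebuilt, false otherwise.
 */
function refreshTokenRoles(SecurityContextInterface $context)
{
    $token = $context->getToken();

    // Only form_login tokens are handled here; anonymous and Facebook
    // tokens are left untouched so their type and extra roles survive.
    if (!$token instanceof UsernamePasswordToken
        || !$token->getUser() instanceof UserInterface) {
        return false;
    }
    $user = $token->getUser();

    // Roles frozen into the token at login (Role objects in Symfony 2.x).
    $tokenRoles = array();
    foreach ($token->getRoles() as $role) {
        $tokenRoles[] = $role->getRole();
    }

    // Roles currently stored on the user (strings with FOSUserBundle).
    $userRoles = array();
    foreach ($user->getRoles() as $role) {
        $userRoles[] = is_string($role) ? $role : $role->getRole();
    }

    $tokenRoles = array_unique($tokenRoles);
    $userRoles = array_unique($userRoles);
    sort($tokenRoles);
    sort($userRoles);
    if ($tokenRoles === $userRoles) {
        return false; // token already reflects the stored roles
    }

    // Same user, same firewall, fresh role list; the new token is written
    // to the session when the response is sent.
    $context->setToken(new UsernamePasswordToken(
        $user, null, $token->getProviderKey(), $user->getRoles()
    ));
    return true;
}
```

This only refreshes the session of the user making the request. When roles are changed for someone else, including removing ROLE_ADMIN, that person's existing session keeps the old roles until they sign in again.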