On my website, I have admins who have a bunch of roles. I want to limit access to a section to SOME admins, so I ask for a specific role to be granted before entering. The admins need to have the "ROLE_REPORT" role assigned to them to access the /report page.

Here's my code:

security:
    role_hierarchy:
        ROLE_REPORT:           ROLE_USER
        ROLE_MERCHANT:         ROLE_USER
        ROLE_VIRTUAL_TERMINAL: ROLE_MERCHANT
        ROLE_ONLINE_CHECKOUT:  ROLE_MERCHANT
        # ROLE_ADMIN implies the merchant roles only; ROLE_REPORT is not beneath it
        ROLE_ADMIN:            [ROLE_MERCHANT, ROLE_VIRTUAL_TERMINAL, ROLE_ONLINE_CHECKOUT]
        ROLE_SUPER_ADMIN:      ROLE_ADMIN

    access_control:
        # Section Report
        - { path: /report(.*), roles: ROLE_REPORT }

For some reason, my admin, when the role is granted, cannot access the page. I'm thinking it has to do with the role hierarchy.

Let me know if I can provide you with more info.

Thank you,

Ebpo

2 Answers

By default, you need to log out and log in again for new roles to take effect.

However, there is another option. According to the Security reference, there is an option always_authenticate_before_granting which, if set to true, will refresh the token on each request. Symfony will go to the DB each time to refresh the roles.

iamdto provided a similar answer with an example and links.

Jovan Perovic

You should add a new role, for example ROLE_ADMIN_REPORT, and modify your security configuration in this way:

security:
    role_hierarchy:
        ROLE_REPORT:           ROLE_USER
        ROLE_MERCHANT:         ROLE_USER
        ROLE_VIRTUAL_TERMINAL: ROLE_MERCHANT
        ROLE_ONLINE_CHECKOUT:  ROLE_MERCHANT
        ROLE_ADMIN:            [ROLE_MERCHANT, ROLE_VIRTUAL_TERMINAL, ROLE_ONLINE_CHECKOUT]
        # new role that reaches both the admin roles and ROLE_REPORT
        ROLE_ADMIN_REPORT:     [ROLE_ADMIN, ROLE_REPORT]
        ROLE_SUPER_ADMIN:      ROLE_ADMIN

    # access_control must sit under the security: key, at the same level as role_hierarchy
    access_control:
        # Section Report
        - { path: /report(.*), roles: ROLE_REPORT }
M. Foti
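The following is an added example, not code from the question or either answer and not Symfony's own implementation: a small Python re-implementation of how a role_hierarchy is expanded and how a single access_control rule is evaluated, so the question's hierarchy and the second answer's patched hierarchy can be compared offline. It also models the point the first answer makes, that the roles checked on a request are the ones stored in the token at login unless the token is refreshed (the always_authenticate_before_granting option). The path matching uses an unanchored regex search, which is how Symfony's RequestMatcher applies an access_control path; the role names are the ones from the page, and the request paths and the "admin who was granted ROLE_REPORT after logging in" scenario are constructed for the demonstration.

```python
"""Check of the role_hierarchy / access_control behaviour discussed on this page.

Added example, not Symfony's code: a re-implementation of role-hierarchy
expansion and access_control evaluation for offline comparison.
"""
import re
from collections import deque

# The hierarchy from the question, transcribed from the YAML.
ORIGINAL_HIERARCHY = {
    "ROLE_REPORT": ["ROLE_USER"],
    "ROLE_MERCHANT": ["ROLE_USER"],
    "ROLE_VIRTUAL_TERMINAL": ["ROLE_MERCHANT"],
    "ROLE_ONLINE_CHECKOUT": ["ROLE_MERCHANT"],
    "ROLE_ADMIN": ["ROLE_MERCHANT", "ROLE_VIRTUAL_TERMINAL", "ROLE_ONLINE_CHECKOUT"],
    "ROLE_SUPER_ADMIN": ["ROLE_ADMIN"],
}

# The hierarchy from the second answer: ROLE_ADMIN_REPORT sits above ROLE_ADMIN and ROLE_REPORT.
PATCHED_HIERARCHY = dict(ORIGINAL_HIERARCHY, ROLE_ADMIN_REPORT=["ROLE_ADMIN", "ROLE_REPORT"])

# The access_control rule from the page. Symfony applies the `path` value as an
# unanchored regex (preg_match) against the request path, so re.search mirrors it.
ACCESS_CONTROL = [
    (re.compile(r"/report(.*)"), ["ROLE_REPORT"]),
]


def reachable_roles(assigned, hierarchy):
    """Expand the assigned roles through the hierarchy (transitive closure, downward only).

    A role implies the roles listed under it, never the roles that list it.
    ROLE_ADMIN therefore never implies ROLE_REPORT in ORIGINAL_HIERARCHY,
    because nothing beneath ROLE_ADMIN leads there.
    """
    seen = set(assigned)
    queue = deque(assigned)
    while queue:
        role = queue.popleft()
        for child in hierarchy.get(role, []):
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return seen


def is_granted(path, assigned, hierarchy, rules=ACCESS_CONTROL):
    """Evaluate access_control for a request path.

    The first rule whose path regex matches decides; the user needs at least one
    of that rule's roles among their reachable roles. A path that no rule
    matches is not restricted by access_control at all.
    """
    roles = reachable_roles(assigned, hierarchy)
    for pattern, required in rules:
        if pattern.search(path):
            return any(role in roles for role in required)
    return True


def roles_seen_on_request(token_roles, stored_roles, always_authenticate_before_granting=False):
    """Roles the firewall actually checks on a request.

    The token keeps the roles loaded at login; a role granted in the database
    afterwards is invisible until the user logs in again, unless the token is
    refreshed on every request (always_authenticate_before_granting). The
    database lookup is represented here by `stored_roles` (constructed input).
    """
    return set(stored_roles) if always_authenticate_before_granting else set(token_roles)


if __name__ == "__main__":
    # Constructed scenario: an admin logged in with ROLE_ADMIN, then got ROLE_REPORT in the database.
    token_roles = ["ROLE_ADMIN"]
    stored_roles = ["ROLE_ADMIN", "ROLE_REPORT"]
    for refresh in (False, True):
        roles = roles_seen_on_request(token_roles, stored_roles, refresh)
        print(f"refresh={refresh}: /report granted = {is_granted('/report', roles, ORIGINAL_HIERARCHY)}")
    print("ROLE_SUPER_ADMIN reaches:", sorted(reachable_roles(["ROLE_SUPER_ADMIN"], ORIGINAL_HIERARCHY)))
    print("ROLE_ADMIN_REPORT reaches:", sorted(reachable_roles(["ROLE_ADMIN_REPORT"], PATCHED_HIERARCHY)))
```

Two things the run makes visible that the page only implies. First, even with the second answer's hierarchy, ROLE_SUPER_ADMIN still does not reach ROLE_REPORT, because ROLE_ADMIN_REPORT is not listed beneath ROLE_SUPER_ADMIN; whoever needs the report section has to be given ROLE_REPORT or ROLE_ADMIN_REPORT directly, and, per the first answer, the change only shows up after a fresh login or with the token refreshed on each request. Second, because the access_control path is an unanchored regex, `/report(.*)` also matches a path such as `/help/report-bug`; writing the rule as `^/report` restricts it to paths that actually start with `/report`, which is the form the Symfony documentation uses.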