FOS：未經授權的用戶正在訪問特定的URL

Question

我的ROLE_ADMIN用戶可以訪問backend/user URL，儘管我沒有授予他這樣做的權限。這是我第一次使用FOS，所以我可能會在下面做一個愚蠢的錯誤。我閱讀文檔。我該怎麼做才能避免這種訪問問題？

在此先感謝

security.yml

role_hierarchy: 
    ROLE_ADMIN: ROLE_USER 
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] 

access_control: 
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } 
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } 
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } 
    - { path: ^/backend, role: ROLE_ADMIN } 
    - { path: ^/backend/user, role: ROLE_SUPER_ADMIN } 

USERS

mbp:symfony$ php app/console fos:user:create user user@foobar user 
Created user user 
mbp:symfony$ php app/console fos:user:promote user ROLE_USER 
User "user" did already have "ROLE_USER" role. 

mbp:symfony$ php app/console fos:user:create admin admin@foobar admin 
Created user admin 
mbp:symfony$ php app/console fos:user:promote admin ROLE_ADMIN 
Role "ROLE_ADMIN" has been added to user "admin". 

mbp:symfony$ php app/console fos:user:create superadmin superadmin@foobar superadmin 
Created user superadmin 
mbp:symfony$ php app/console fos:user:promote superadmin ROLE_SUPER_ADMIN 
Role "ROLE_SUPER_ADMIN" has been added to user "superadmin". 

Answer 1

訪問控制使用第一個匹配規則，使您的規則在- { path: ^/backend, role: ROLE_ADMIN }停止這意味着規則從未到達後執行訪問。

要在你希望你要切換你的規則順序圍繞匹配的方式得到這個工作..

access_control: 
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } 
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } 
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } 
    - { path: ^/backend/user, role: ROLE_SUPER_ADMIN } 
    - { path: ^/backend, role: ROLE_ADMIN } 

Answer 2

在代碼中，正則表達式模式是匹配ROLE_SUPER_ADMIN前ROLE_ADMIN。嘗試在這樣：
- { path: ^/backend/user, roles: ROLE_SUPER_ADMIN } - { path: ^/backend, roles: ROLE_ADMIN }