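FOS: Unauthorized user is accessing a specific URL

My ROLE_ADMIN user can access the backend/user URL, even though I haven't given him permission to do so. This is my first time using FOS, so I may be making a silly mistake below. I read the documentation. What should I do to prevent this access problem?

Thanks in advance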
security.yml
role_hierarchy:
    ROLE_ADMIN: ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/backend, role: ROLE_ADMIN }
    - { path: ^/backend/user, role: ROLE_SUPER_ADMIN }
USERS
mbp:symfony$ php app/console fos:user:create user [email protected] user
Created user user
mbp:symfony$ php app/console fos:user:promote user ROLE_USER
User "user" did already have "ROLE_USER" role.
mbp:symfony$ php app/console fos:user:create admin [email protected] admin
Created user admin
mbp:symfony$ php app/console fos:user:promote admin ROLE_ADMIN
Role "ROLE_ADMIN" has been added to user "admin".
mbp:symfony$ php app/console fos:user:create superadmin [email protected] superadmin
Created user superadmin
mbp:symfony$ php app/console fos:user:promote superadmin ROLE_SUPER_ADMIN
Role "ROLE_SUPER_ADMIN" has been added to user "superadmin".
Thanks, it works fine – BentCoder 2014-09-22 09:23:58
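
Symfony evaluates access_control from top to bottom and enforces only the first entry whose path matches, so in the configuration above ^/backend answers for /backend/user before the ROLE_SUPER_ADMIN rule is ever reached. The following Python model of that first-match behaviour is an added example, not code from the original post or from Symfony; the function names and the reordered rule list are assumptions made for illustration.

```python
import re

# Role hierarchy and rules copied from the security.yml in the question.
ROLE_HIERARCHY = {
    "ROLE_ADMIN": ["ROLE_USER"],
    "ROLE_SUPER_ADMIN": ["ROLE_USER", "ROLE_ADMIN", "ROLE_ALLOWED_TO_SWITCH"],
}
RULES_AS_POSTED = [
    (r"^/login$", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/register", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/resetting", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/backend", "ROLE_ADMIN"),
    (r"^/backend/user", "ROLE_SUPER_ADMIN"),
]
# Assumed correction: same rules, more specific /backend/user pattern first.
RULES_REORDERED = RULES_AS_POSTED[:3] + [RULES_AS_POSTED[4], RULES_AS_POSTED[3]]


def reachable_roles(roles):
    """Expand the assigned roles through ROLE_HIERARCHY (hypothetical helper)."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(ROLE_HIERARCHY.get(role, []))
    return seen


def first_match(rules, path):
    """Return the first (pattern, role) whose pattern matches; later rules are ignored."""
    return next(((p, r) for p, r in rules if re.search(p, path)), None)


def is_granted(rules, path, roles):
    match = first_match(rules, path)
    if match is None:
        return True  # no access_control entry matched, so none restricts the path
    required = match[1]
    return (required == "IS_AUTHENTICATED_ANONYMOUSLY"
            or required in reachable_roles(roles))


def shadowed_rules(rules):
    """Heuristic for plain '^/prefix' patterns: flag a rule when an earlier
    rule already matches that rule's own literal prefix."""
    return [p for i, (p, _) in enumerate(rules)
            if any(re.search(e, p.lstrip("^").rstrip("$"))
                   for e, _ in rules[:i])]
```

Running shadowed_rules over a rule list before deployment flags entries such as ^/backend/user that can never take effect in their current position.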