0
問題是...如何防止Symfony ADMIN_ROLE模擬SUPER_ADMIN_ROLE?
我配置了ADMIN_ROLE模仿任何用戶。 但我有一個SUPER_AMIN_ROLE,我可以在其中添加新的ADMIN,並更改一些重要的應用程序。
如何防止這些ADMIN_ROLE模擬我的帳戶?
我此時停止....
這裏是我的security.yml文件:
# To get started with security, check out the documentation:
# http://symfony.com/doc/current/book/security.html
security:
encoders:
AppBundle\Entity\Cliente: bcrypt
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
our_db_provider:
entity:
class: AppBundle:Cliente
property: cpf
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: ~
form_login:
login_path: login
check_path: login
# activate different ways to authenticate
# http_basic: ~
# http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
# form_login: ~
# http://symfony.com/doc/current/cookbook/security/form_login_setup.html
logout:
path: /logout
target: /login
invalidate_session: true
remember_me:
secret: ~damMe~HIDDED
lifetime: ~damMe~HIDDED
path: /dashboard
switch_user: { role: ROLE_ADMIN }
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/cadastro, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/dashboard, roles: IS_AUTHENTICATED_REMEMBERED }
- { path: ^/cliente, roles: [ IS_AUTHENTICATED_FULLY, USER_ROLE ] }
- { path: ^/indicados, roles: [ IS_AUTHENTICATED_FULLY, USER_ROLE ] }
- { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_REGIONAL, ROLE_ALLOWED_TO_SWITCH]
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]