php - Symfony Voter: Access denied, the user is neither anonymous, nor remember-me


I'm pretty new to Symfony. I'm trying to use a voter on the admin area.

I want an admin (ROLE_ADMIN) to be able to delete (remove) a user if he's a superadmin (ROLE_SUPER_ADMIN).

My firewall seems to work fine: I can log in to the admin area and do what I want as long as I'm not using the voter. Here's a dump of the current user object:

    User {#300 ▼
      -id: 1
      -password: "$2y$13$e3ll2n/pygrgn.7efikqsuamsklolcnggtf1hsbgnmzdxnal1aiua"
      -username: "justme"
      -email: "me@me.fr"
      -isActive: true
      -roles: array:1 [▼
        0 => "ROLE_ADMIN"
      ]
    }

As soon as I use denyAccessUnlessGranted() in the controller, I get this exception:

    DEBUG - Access denied, the user is neither anonymous, nor remember-me.
    ERROR - Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: "Access denied." at /volumes/work/mamp htdocs/a-symfony-re/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php line 119

This is my security config:

    role_hierarchy:
        ROLE_AUTHOR: ROLE_USER
        ROLE_EDITOR: ROLE_AUTHOR
        ROLE_ADMIN: [ROLE_USER, ROLE_ALLOWED_TO_SWITCH]

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            anonymous: ~
            pattern: ^/
            provider: app_users_provider
            form_login:
                login_path: jst_login
                check_path: jst_login_check
            logout:
                path: jst_logout
                target: /

    access_decision_manager:
        strategy: unanimous

This basic action in my controller works fine as long as I'm not using the voter:

    public function deleteUserAction(User $user)
    {
        // Throws an access-denied exception unless the voters grant 'delete' on $user
        $this->denyAccessUnlessGranted('delete', $user);
        $currentUser = $this->getUser();
        $role = $currentUser->getRoles()[0];

        return new Response('delete user AppBundle:AdminController:deleteUser : '.$role);
    }

And the simple voter:

    namespace AppBundle\Security;

    use AppBundle\Entity\User;
    use AppBundle\Entity\Role;
    use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
    use Symfony\Component\Security\Core\Authorization\Voter\Voter;
    use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;

    class UserVoter extends Voter
    {
        const EDIT = 'edit';
        const DELETE = 'delete';
        const CREATE = 'create';

        private $decisionManager;

        public function __construct(AccessDecisionManagerInterface $decisionManager)
        {
            $this->decisionManager = $decisionManager;
        }

        // Only vote on the 'delete' attribute for User subjects
        protected function supports($attribute, $subject)
        {
            if (!in_array($attribute, array(self::DELETE))) {
                return false;
            }
            if (!$subject instanceof User) {
                return false;
            }

            return true;
        }

        protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
        {
            $currentUser = $token->getUser();
            $user = $subject;

            // Not a logged-in User object (e.g. anonymous): deny
            if (!$currentUser instanceof User) {
                return false;
            }

            switch ($attribute) {
                case self::DELETE:
                    //return $this->canDelete($token);
                    return $this->canDelete($user, $currentUser);
                default:
                    throw new \LogicException('This code shouldn\'t be executed');
            }
        }

        private function canDelete($user, $currentUser)
        {
            //return $this->decisionManager->decide($token, array('ROLE_ADMIN'));
            return $currentUser->getRoles()[0] == 'SUPER_ADMIN';
        }
    }

As you can see, I've tried to use AccessDecisionManagerInterface, with no result...

So, well, uhh...? ;-)

Thanks!

Where is ROLE_SUPER_ADMIN in role_hierarchy?

Try this in the voteOnAttribute function.

    case self::DELETE:
        // if the user is a super admin, allow them to create new posts
        if ($this->decisionManager->decide($token, array('ROLE_SUPER_ADMIN'))) {
            return true;
        }

When you are logged in to the website, what role do you have? Check the profiler.
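
A voter for the case discussed in this thread, as an added example (not the poster's or Symfony's own code): it grants `delete` on a `User` only when the access decision manager grants `ROLE_SUPER_ADMIN`, so the check follows `role_hierarchy` instead of comparing `getRoles()[0]`. The class name `UserDeleteVoter` is hypothetical, and the code assumes Symfony 3.x, the page's `AppBundle\Entity\User` entity, and a `ROLE_SUPER_ADMIN` that is declared in `role_hierarchy` and assigned to the acting account.

```php
<?php
// Added example, not code from the original thread.
// Assumptions: Symfony 3.x, AppBundle\Entity\User from the question, and
// ROLE_SUPER_ADMIN present in role_hierarchy and on the acting account.
namespace AppBundle\Security;

use AppBundle\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

class UserDeleteVoter extends Voter // hypothetical class name
{
    const DELETE = 'delete';

    private $decisionManager;

    public function __construct(AccessDecisionManagerInterface $decisionManager)
    {
        $this->decisionManager = $decisionManager;
    }

    protected function supports($attribute, $subject)
    {
        // Abstain on everything except "delete a User" so that other
        // voters decide those cases (relevant with strategy: unanimous).
        return $attribute === self::DELETE && $subject instanceof User;
    }

    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
    {
        // An anonymous token carries a string, not a User object: deny.
        if (!$token->getUser() instanceof User) {
            return false;
        }

        // Delegate the role check to the decision manager. Unlike reading
        // getRoles()[0], this honours role_hierarchy and does not depend on
        // the order in which roles are stored. A user holding only
        // ROLE_ADMIN is still denied, which is the intended policy here.
        return $this->decisionManager->decide($token, array('ROLE_SUPER_ADMIN'));
    }
}
```

The voter is only consulted once it is registered as a service tagged `security.voter` (automatic with autoconfigure from Symfony 3.3 on).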

