How to forbid access for authorised users in Symfony2?

Question

I'm a beginner in Symfony2. Now I try to finish writing authorisation, using FOSUserBundle. I have a problem, that authorised user can access to log in page or register page. Can I change this in configs or I have to check it in the controller? Thank you

PS I mean such part in security.yml:

access_control:
    - { path: /new, role: ROLE_USER }
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_ADMIN }

score 1 · Accepted Answer · edited May 23 '17 at 12:25

1

You can solve it by creating an event listener which will hook into the FOSUserBundle controllers. For registration you could use fos_user.registration.initialize event. In your listener you could check if user is already authenticated, if yes then redirect to whatever route you like (e.g. to homepage). See this answer to see the example.

For login route (/login) you could override the default FOSUserBundle SecurityController and check there if user is authenticated and do the redirect. See this example.

edited May 23 '17 at 12:25

Community

1
1

answered Mar 13 '16 at 15:44

takeit

3,991
1
20
36

Nice :) Thank you, it's that I was looking for. – a_sarana Mar 14 '16 at 19:38

score 0 · Answer 2 · answered Mar 14 '16 at 08:17

0

You can try to use expressions like here: http://symfony.com/doc/current/cookbook/security/access_control.html#book-security-allow-if.

Expression could be:

"is_anonymous() and and not is_remember_me() not is_fully_authenticated()"

answered Mar 14 '16 at 08:17

Dmitry Grachikov

316
3
11

How to forbid access for authorised users in Symfony2?

2 Answers2