I'm pretty new to Symfony. Although I've managed to set up a working site with role-based authentication and firewalls, I'm really struggling to work out how to build a system that allows users to log in and have access to a page that only they and the admin have access to.
What I really want is a dynamic security role which gives the user in the current session access to their own private page and blocks everyone else...
Here's my actual config:

    security:
        encoders: # define the encoders used to encode passwords
            Symfony\Component\Security\Core\User\User: plaintext
            IntuitByDesign\UserBundle\Entity\User: bcrypt
        role_hierarchy:
            ROLE_ADMIN: [ROLE_USER]
        providers:
            chain_provider:
                chain:
                    providers: [in_memory, user_db]
            in_memory:
                memory:
                    users:
                        admin: { password: adminpass, roles: ROLE_ADMIN }
            user_db:
                entity: { class: IntuitByDesignUserBundle:User, property: username }
        firewalls:
            main:
                pattern: /.*
                form_login:
                    login_path: login
                    check_path: login
                    default_target_path: /user
                logout:
                    path: /logout
                    target: /
                security: true
                anonymous: true
        access_control:
            - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: /logout, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: /user, roles: ROLE_ADMIN }
            - { path: /user-page/, roles: ROLE_USER }
            - { path: /.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }

Any hints on how to do this?
Update: After login I would like to redirect to a page that only the specific logged-in user can see.
I thought one way that this might be achieved could be by matching the session username with the user path?
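
The owner-or-admin check described in the question, sketched as a Symfony security voter. This is an added example, not part of the original post; it assumes Symfony 2.8+/3.x, a hypothetical route `/user-page/{username}`, and hypothetical class and attribute names.

```php
<?php
// Added example (not from the original post). Assumes Symfony 2.8+/3.x,
// a hypothetical route /user-page/{username}, and hypothetical class names.
namespace IntuitByDesign\UserBundle\Security;

use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;

// Register as a service tagged "security.voter", injecting
// "security.access.decision_manager".
class UserPageVoter extends Voter
{
    const VIEW = 'USER_PAGE_VIEW';

    private $decisionManager;

    public function __construct(AccessDecisionManagerInterface $decisionManager)
    {
        $this->decisionManager = $decisionManager;
    }

    protected function supports($attribute, $subject)
    {
        // $subject is the username taken from the URL.
        return $attribute === self::VIEW && is_string($subject);
    }

    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
    {
        $user = $token->getUser();
        if (!$user instanceof UserInterface) {
            return false; // anonymous tokens carry a string, not a user object
        }
        // Admins pass; decide() honours role_hierarchy.
        if ($this->decisionManager->decide($token, array('ROLE_ADMIN'))) {
            return true;
        }
        // Owner check: compare against the authenticated user, never a request value.
        return $user->getUsername() === $subject;
    }
}

// In the controller action for /user-page/{username}:
//     $this->denyAccessUnlessGranted(UserPageVoter::VIEW, $username);
```

`access_control` paths are regular expressions checked in order, so `path: /user` in the config above also matches `/user-page/...` and applies `ROLE_ADMIN` before the `/user-page/` rule is reached. Anchoring that rule (for example `^/user$`) lets the `ROLE_USER` rule and the voter decide access to the per-user page.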