roles and access_control fosuserbundle

I'm working with FOSUserBundle, and now I'm trying the roles and access control.

I tried to create a new role, change the role of one of my users, then access a page with restricted access.

security.yml:

security:
    encoders:
        FN\UserBundle\Entity\User: sha512

    role_hierarchy:
        ROLE_USER_CONFIRMED:    ROLE_USER
        ROLE_ADMIN:             [ROLE_USER, ROLE_USER_CONFIRMED]
        ROLE_SUPER_ADMIN:       [ROLE_USER, ROLE_USER_CONFIRMED, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        main:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main_login:
            pattern: ^/login$
            anonymous: true

        main:
            pattern: ^/
            anonymous: true
            provider: main
            form_login:
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                always_use_default_target_path: false
                default_target_path:            /client/home
                target_path_parameter:          _target_path
                use_referer:                    false
            logout:
                path:       fos_user_security_logout
                target:     /home
            remember_me:
                key:        %secret%

    access_control:
        - { path: ^/client, roles: ROLE_USER_CONFIRMED }
        - { path: ^/admin, roles: ROLE_ADMIN }

I changed the roles of my user with $user->setRoles(array('ROLE_USER_CONFIRMED'));

In my database, the user's role changed correctly, but when I click on the user in the FOSUserBundle toolbar, my user stays in ROLE_USER, and when I go to the page "xxx/client/home", I get an ACCESS DENIED page.

Do you have an idea why the role is changed correctly in my database, but I can't open the page?

Answers


Did you have the user log out and then log back in? Roles get pulled and saved as part of the session upon logging in, so if you applied the role while the user was logged in on a machine, the user would not see that reflected on that machine until they logged out and then logged back in.
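
Added example, not part of the answer above and not FOSUserBundle's own code: when the role change is made for the user who is currently logged in, the token held in the session can be replaced in the same request so the new role applies without a logout. It assumes Symfony 2.x (the `security.context` service; from 2.6 on `security.token_storage` is the replacement), the `main` firewall from the question's security.yml, and a hypothetical `ConfirmationController` in the question's `FN\UserBundle` namespace.

```php
<?php
// Added example: hypothetical controller, names other than the services are assumptions.
namespace FN\UserBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class ConfirmationController extends Controller
{
    public function confirmAction()
    {
        // Only act on a fully loaded user object, not on an anonymous token.
        $user = $this->getUser();
        if (!is_object($user)) {
            throw new AccessDeniedException();
        }

        // Persist the new role (the same change as in the question).
        $user->setRoles(array('ROLE_USER_CONFIRMED'));
        $this->get('fos_user.user_manager')->updateUser($user);

        // The token stored in the session still carries the roles captured at
        // login. Build a new token for the "main" firewall from the user's
        // current roles and install it, so access_control sees the new role.
        $token = new UsernamePasswordToken($user, null, 'main', $user->getRoles());
        $this->get('security.context')->setToken($token);

        // ^/client requires ROLE_USER_CONFIRMED in the question's access_control.
        return new RedirectResponse('/client/home');
    }
}
```

This refreshes only the session that makes the request; any other session of the same user keeps the roles it logged in with until that session logs out and back in.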

