role_hierarchy with Symfony2

南旧 2021-02-01 10:57

I have a big problem with my role_hierarchy,

security:
    role_hierarchy:
        ROLE_ADMIN:[ROLE_USER,ROLE_AUTHOR,ROLE_MODERATOR]
        ROLE_SUPER_ADMIN:[RO         


        
1 answer
  • 2021-02-01 11:32

    I cannot see what's wrong from the code snippets you provided, so I made a little example application to give you a step-by-step instruction which might lead you to the source of the problem.

    1. Cloned symfony-standard (master) (and removed Acme\DemoBundle)
    2. Added "friendsofsymfony/user-bundle": "dev-master" to composer.json
    3. Created new bundle Mahok\SecurityBundle (php app/console generate:bundle)
    4. Created new Entity (php app/console doctrine:generate:entity)
    5. Modified Entity according to FOS\UserBundle documentation (step 3; Important: Change the table name to something other than "user", as this is a reserved word and might cause trouble!)
    6. Modified app/AppKernel.php, app/config/config.yml, app/config/routing.yml and app/config/security.yml according to FOS\UserBundle documentation. For reference: This is the security.yml I use:

      jms_security_extra:
          secure_all_services: false
          expressions: true

      security:
          encoders:
              FOS\UserBundle\Model\UserInterface: sha512

          role_hierarchy:
              ROLE_AUTHOR:      [ROLE_USER]
              ROLE_MODERATOR:   [ROLE_AUTHOR]
              ROLE_ADMIN:       [ROLE_MODERATOR]
              ROLE_SUPER_ADMIN: [ROLE_ADMIN]

          providers:
              fos_userbundle:
                  id: fos_user.user_manager

          firewalls:
              dev:
                  pattern:  ^/(_(profiler|wdt)|css|images|js)/
                  security: false

              auth:
                  pattern:   (^/login$|^/register|^/resetting)
                  anonymous: true

              main:
                  pattern:    ^/
                  form_login:
                      provider:      fos_userbundle
                      csrf_provider: form.csrf_provider
                  logout:     true
                  anonymous:  true

          access_control:
              - { path: ^/admin, role: ROLE_ADMIN }
      
    7. Created user with `php app/console fos:user:create sa --super-admin`

    8. Modified DefaultController:default.html.twig in Mahok\SecurityBundle, checking for {% is_granted('ROLE_MODERATOR') %}:

      Hello {{ name }}!
      {% if is_granted('ROLE_MODERATOR') %}
      <ul>
          {% for role in app.user.roles %}
          <li>{{ role }}</li>
          {% endfor %}
      </ul>
      {% else %}
          oh noes!
      {% endif %}
      

    edit: When going to localhost/example/app_dev.php/hello/User (after logging in as "sa"), I get the following output:

    Hello User!
    * ROLE_SUPER_ADMIN
    * ROLE_USER
    
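The output in the answer shows `is_granted('ROLE_MODERATOR')` passing although the roles stored on the user are only ROLE_SUPER_ADMIN and ROLE_USER, because the hierarchy is followed transitively when the check is made. The sketch below is an added example in plain PHP (7 or later), not code from the question, the answer or Symfony; the function names `reachableRoles` and `isGranted` are hypothetical, and the hierarchy and stored roles are copied from the answer.

```php
<?php
// Added illustration in plain PHP; this is not Symfony's own role hierarchy code.

// Hierarchy copied from the security.yml in the answer.
$hierarchy = [
    'ROLE_AUTHOR'      => ['ROLE_USER'],
    'ROLE_MODERATOR'   => ['ROLE_AUTHOR'],
    'ROLE_ADMIN'       => ['ROLE_MODERATOR'],
    'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN'],
];

/**
 * Return every role reachable from the assigned roles by following the
 * hierarchy transitively. The $seen set also stops a cyclic hierarchy
 * (A grants B, B grants A) from looping forever.
 */
function reachableRoles(array $hierarchy, array $assigned): array
{
    $seen  = [];
    $queue = $assigned;
    while ($queue) {
        $role = array_shift($queue);
        if (isset($seen[$role])) {
            continue;
        }
        $seen[$role] = true;
        foreach ($hierarchy[$role] ?? [] as $inherited) {
            $queue[] = $inherited;
        }
    }
    return array_keys($seen);
}

// Hypothetical helper: the check a template or access_control rule relies on.
function isGranted(array $hierarchy, array $assigned, string $role): bool
{
    return in_array($role, reachableRoles($hierarchy, $assigned), true);
}

// Roles stored on user "sa", as listed by the template in the answer.
$stored = ['ROLE_SUPER_ADMIN', 'ROLE_USER'];

// Check resolved through the hierarchy.
var_dump(isGranted($hierarchy, $stored, 'ROLE_MODERATOR'));
// Naive comparison against the stored list only; it ignores inherited roles.
var_dump(in_array('ROLE_MODERATOR', $stored, true));
// An author account tested against the ROLE_ADMIN rule guarding ^/admin.
var_dump(isGranted($hierarchy, ['ROLE_AUTHOR', 'ROLE_USER'], 'ROLE_ADMIN'));
```

Authorization code that compares against the stored role list directly, as the second call does, disagrees with the hierarchy-aware check, so inherited roles should always be tested through `is_granted` or the equivalent service.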