FOSUserBundle admin area not accessible after login

本小妞迷上赌 submitted on 2019-12-09 02:00:49

Question


I am using FOSUserBundle for admin section as well as frontend by following the instructions given at:

https://github.com/FriendsOfSymfony/FOSUserBundle/issues/849

For the frontend everything is working fine, but for the admin section, when I access my admin area /admin, I am redirected to the login page /admin/login (that is correct). Once I provide the admin username and password, then as per the default target path after login

default_target_path: /admin/

defined in security.yml, it is redirecting to /admin (that is also correct), but I am getting a 403 forbidden error

**Access Denied**
403 Forbidden - AccessDeniedHttpException
1 linked Exception:
    AccessDeniedException     

In my security.yml, when I remove the line below:

- { path: ^/admin/, role: ROLE_ADMIN }

then I am able to access the /admin area after login.

I also observed that every time I create a new user using /register at the front end, it is entering a:0:{} in the roles field of the fos_user database table. Now I want to know:

What changes will I need to make at script level to create different types of users like admin, normal user etc., so that the above line of security.yml that I removed works without removing it?


Answer 1:


By default, a created user has the role ROLE_USER, which is saved in the DB like an empty array converted to JSON a:0:{}. FOSUserBundle has some helpful Command Line Tools. You should use Promote a User to set ROLE_ADMIN for a user, like this:

$ php app/console fos:user:promote username ROLE_ADMIN

After that your username user will have access to the admin panel, where you can promote other users manually.

To create users with different ROLE types you should write an event listener for the fos_user.registration.initialize (or even fos_user.registration.success) event, like this:

use FOS\UserBundle\Event\UserEvent;

class RegistrationListener
{
    // Handler for the fos_user.registration.initialize event.
    public function setUserRole(UserEvent $event)
    {
        $request = $event->getRequest();
        if (/* some conditions */) {
            $user = $event->getUser();
            $user->addRole('ROLE_STH');
        }
    }
}

Please be careful with using this listener for setting ROLE_ADMIN. The Promote a User command is intended for adding a role like ROLE_ADMIN.
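
Why the 403 appears, as an added example that is not part of the original answer or of FOSUserBundle: a:0:{} is the output of PHP's serialize() for an empty array, so a newly registered user holds only the ROLE_USER that FOSUserBundle appends when roles are read, and the ^/admin/ rule denies them. The functions effectiveRoles and isAllowed and the sample rows are constructed for illustration, and role_hierarchy is ignored.

```php
<?php
// Added example: simplified model of the check, not Symfony or FOSUserBundle code.

const ROLE_DEFAULT = 'ROLE_USER'; // FOSUserBundle appends this role to every user

// Effective roles for a value stored in the fos_user.roles column.
function effectiveRoles(string $storedRoles): array
{
    // allowed_classes => false: never instantiate objects from database content.
    $roles = unserialize($storedRoles, ['allowed_classes' => false]);
    if (!is_array($roles)) {
        $roles = []; // treat a corrupt value as "no extra roles"
    }
    $roles[] = ROLE_DEFAULT;
    return array_values(array_unique($roles));
}

// First matching rule wins, as in access_control; returns true when access is allowed.
function isAllowed(string $path, array $roles, array $rules): bool
{
    foreach ($rules as $rule) {
        if (preg_match('{' . $rule['path'] . '}', $path) === 1) {
            return in_array($rule['role'], $roles, true);
        }
    }
    return true; // no rule matched: access_control does not restrict this path
}

// The single rule quoted in the question.
$rules = [['path' => '^/admin/', 'role' => 'ROLE_ADMIN']];

// Constructed sample rows: a freshly registered user and a promoted one.
$users = [
    'registered' => 'a:0:{}',
    'promoted'   => serialize(['ROLE_ADMIN']),
];

foreach ($users as $name => $stored) {
    $roles = effectiveRoles($stored);
    printf("%-10s roles=%-22s /admin/ => %s\n", $name, implode(',', $roles),
        isAllowed('/admin/', $roles, $rules) ? 'allowed' : '403');
}
```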




Answer 2:


@neeraj, as an answer to your comment here (FOSUserBundle admin area not accessible after login): as far as I know, it's not possible to do it only with security.yml, but you can go with a listener; there is not much to do.

Create a folder EventListener in your bundle, then create SecurityListener.php:

<?php

namespace Your\NameBundle\EventListener;

use Symfony\Bundle\FrameworkBundle\Routing\Router;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\EventDispatcher\EventDispatcher;
use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
use Symfony\Component\HttpFoundation\RedirectResponse;

class SecurityListener
{
    protected $router;
    protected $security;
    protected $dispatcher;

    public function __construct(Router $router, SecurityContext $security, EventDispatcher $dispatcher)
    {
        $this->router = $router;
        $this->security = $security;
        $this->dispatcher = $dispatcher;
    }

    public function onSecurityInteractiveLogin(InteractiveLoginEvent $event)
    {
        $this->dispatcher->addListener(KernelEvents::RESPONSE, array($this, 'onKernelResponse'));
    }

    public function onKernelResponse(FilterResponseEvent $event)
    {
        if ($this->security->isGranted('ROLE_ADMIN')) {
            $response = new RedirectResponse($this->router->generate('YOURCoreBundle_adminpage'));
        } elseif ($this->security->isGranted('ROLE_USER')) {
            $response = new RedirectResponse($this->router->generate('YOURBundle_userpage'));
        } else {
            $response = new RedirectResponse($this->router->generate('YOURCoreBundle_homepage'));
        }

        $event->setResponse($response);
    }
}

And in services.xml add:

<parameters>
    <parameter key="yourbundle.listener.login.class">Your\NameBundle\EventListener\SecurityListener</parameter>
</parameters>

<services>
    <service id="yourbundle.listener.login" class="%yourbundle.listener.login.class%">
        <tag name="kernel.event_listener" event="security.interactive_login" method="onSecurityInteractiveLogin"/>
        <argument type="service" id="router"/>
        <argument type="service" id="security.context"/>
        <argument type="service" id="event_dispatcher"/>
    </service>
</services>


Source: https://stackoverflow.com/questions/18779655/fosuserbundle-admin-area-not-accessible-after-login