Question
I have a security.yaml like this:
    security:
        firewalls:
            api_documentary:
                pattern: ^/api/v1/documentary
                fos_oauth: true
                stateless: false
                methods: [POST, PUT, DELETE]
        access_control:
            - { path: ^/api/v1/documentary, roles: IS_AUTHENTICATED_ANONYMOUSLY }
I want the firewall to be on (accessed by access token) on the following routes: ^/api/v1/documentary POST, PUT, DELETE.
I want the firewall to be off on the routes: GET and GET ALL.
If I exclude GET from methods: [] above, I can access them publicly; however, something weird happens:
isGranted doesn't work. Even though the user has the following roles [ROLE_USER, ROLE_ADMIN], it doesn't seem to notice.
    if (!$this->isGranted('ROLE_ADMIN')) {
        return new JsonResponse("Not granted");
    }
If I add to api_documentary: methods: [GET, POST, PUT, DELETE], isGranted works, but the GET method will no longer be public.
Source: https://stackoverflow.com/questions/57418830/symfony-isgrantedrole-admin-not-working-properly