DEVHIDE
Login Or Sign up

Symfony 403 thrown with correct role

282 Views Asked by At

Weird issue here.

I have a 403 error when I try to access a endpoint of my API whereas the users's role is correct.

Here's my route's annotation (I'm using FosRestBundle)

/**
* @Rest\Get("home/{id}/versions", requirements={"id"="\d+"})
* @Security("has_role('ROLE_ADMIN_HOME_VIEW')")
* @Rest\View()
*/

The Symfony Profiler tells me that the route is correctly matched and that I have the requested role, here's the list of inherited roles But an AccessDeniedHttpException exception is thrown.

Obviously, if I remove the @Security line from my annotation, everything is fine.

But the most frustrating part is that I have another similar route in the same controller that is working, with same security requirements, here is its annotation.

/**
* @Rest\Get("/home/{locale}/{version}", requirements={"version"="\d+", "locale"="[a-z]{2}"} , defaults={"version" = null})")
* @Security("has_role('ROLE_ADMIN_HOME_VIEW')")
* @Rest\View()
*/
symfony symfony-security symfony-routing
Original Q&A
1

There are 1 best solutions below

0
On

The problem is my role_hierarchy list syntax.

Here the faulty one : 

  role_hierarchy:
    ROLE_ADMIN: ROLE_USER
    ROLE_SUPER_ADMIN:
      ROLE_ADMIN
      ROLE_ADMIN_SPEAKER_VIEW
      ROLE_ADMIN_SPEAKER_CREATE
      ROLE_ADMIN_SPEAKER_EDIT
      ROLE_ADMIN_SPEAKER_DELETE
      ROLE_ADMIN_PAGE_VIEW
      ROLE_ADMIN_PAGE_CREATE
      ROLE_ADMIN_PAGE_EDIT
      ROLE_ADMIN_PAGE_DELETE
      ROLE_ADMIN_NEWS_VIEW
      ROLE_ADMIN_NEWS_CREATE
      ROLE_ADMIN_NEWS_EDIT
      ROLE_ADMIN_NEWS_DELETE
      ROLE_ADMIN_USER_VIEW
      ROLE_ADMIN_USER_CREATE
      ROLE_ADMIN_USER_EDIT
      ROLE_ADMIN_USER_DELETE
      ROLE_ADMIN_CONTENT_VIEW
      ROLE_ADMIN_CONTENT_CREATE
      ROLE_ADMIN_CONTENT_EDIT
      ROLE_ADMIN_CONTENT_DELETE
      ROLE_ADMIN_HOME_VIEW
      ROLE_ADMIN_HOME_CREATE
      ROLE_ADMIN_HOME_EDIT
      ROLE_ADMIN_HOME_DELETE
    ROLE_GOD: ROLE_SUPER_ADMIN

Here the correct one :

  role_hierarchy:
    ROLE_ADMIN: ROLE_USER
    ROLE_SUPER_ADMIN:
      - ROLE_ADMIN
      - ROLE_ADMIN_SPEAKER_VIEW
      - ROLE_ADMIN_SPEAKER_CREATE
      - ROLE_ADMIN_SPEAKER_EDIT
      - ROLE_ADMIN_SPEAKER_DELETE
      - ROLE_ADMIN_PAGE_VIEW
      - ROLE_ADMIN_PAGE_CREATE
      - ROLE_ADMIN_PAGE_EDIT
      - ROLE_ADMIN_PAGE_DELETE
      - ROLE_ADMIN_NEWS_VIEW
      - ROLE_ADMIN_NEWS_CREATE
      - ROLE_ADMIN_NEWS_EDIT
      - ROLE_ADMIN_NEWS_DELETE
      - ROLE_ADMIN_USER_VIEW
      - ROLE_ADMIN_USER_CREATE
      - ROLE_ADMIN_USER_EDIT
      - ROLE_ADMIN_USER_DELETE
      - ROLE_ADMIN_CONTENT_VIEW
      - ROLE_ADMIN_CONTENT_CREATE
      - ROLE_ADMIN_CONTENT_EDIT
      - ROLE_ADMIN_CONTENT_DELETE
      - ROLE_ADMIN_HOME_VIEW
      - ROLE_ADMIN_HOME_CREATE
      - ROLE_ADMIN_HOME_EDIT
      - ROLE_ADMIN_HOME_DELETE
    ROLE_GOD: ROLE_SUPER_ADMIN

To bad no error were thrown about it though.

Related Questions in SYMFONY

Related Questions in SYMFONY-SECURITY

Related Questions in SYMFONY-ROUTING

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.