Preventing users login from non authorized area

2019-06-08 13:36发布

站内问答 / PHP
964 2 6

To avoid me 403 errors when a user tries to access a forbidden area and avoid user sign in into that area I need to prevent users from logging if do not have the proper credentials.

Let me explain a little better, suppose I'm the X user ROLE_USER, user X can access the frontend but should not be able to log into the backend, just as we have the user Y and ROLE_ADMIN, user Y could log into the backend but not in the frontend, do understand me? How I can accomplish this?

2条回答
女痞
2楼-- · 2019-06-08 13:44

Assuming that your routes are correctly secured, you have to hide / show links to restricted areas in your twig templates.

From the Symfony2 doc :

{% if is_granted('ROLE_ADMIN') %}
    <a href="...">LogIntoBackend</a>
{% endif %}

Related :

查看更多
0人赞 添加讨论(0) 举报
霸刀☆藐视天下
3楼-- · 2019-06-08 14:01

lets assume that I'm user Adam with role 'ROLE_ADMIN'. I can't login to frontend.

You should simple add this code to your controllers:

  if( $this->get('security.context')->isGranted('YOUR ROLE') )
            return new Response('yea!');

So, If you want to secure BackendController and let to login users with 'ROLE_ADMIN' you should add this code:

if( $this->get('security.context')->isGranted('ROLE_ADMIN') )
                return new Response('You are granted to see this site.');

This code checks if current user (me) has role ROLE_ADMIN. If you want to check if user has 'ROLE_ADMIN' AND doesn't have 'ROLE_USER' just add:

$security = $this->get('security.context');
if( $security->isGranted('ROLE_ADMIN') && !$security->isGranted('ROLE_USER') )
                    return new Response('You are not granted to see this site.');
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)