Home/ Questions/Q 8093627
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T20:32:30+00:00

I’m working on managing access for users to some pages on my site. I

  • 0

I’m working on managing access for users to some pages on my site. I have 1 type of fully authenticated users (role: ROLE_MEMBER, based on ROLE_USER) and, of course, anonymous users too.

Let’s say I have 2 pages (/index, /account) on the site, both with secure: true. Let’s say /index requires role: IS_AUTHENTICATED_ANONYMOUSLY and /account requires role: IS_AUTHENTICATED_FULLY (for ROLE_MEMBER).

I want to show special “account menu” for logged in members on both pages, so in template i check is_granted('ROLE_MEMBER').

That works great for /account, of course. The problem, when member is navigated to /index (which is “anonymous” page) function is_granted('ROLE_MEMBER') returns 0, and is_granted('IS_AUTHENTICATED_ANONYMOUSLY') returns 1. When members navigates to /account again, everything works without reentering password (that means member still not logged out).

So, the question is how to detect what member is logged in user inside template for /index page?

UPDATED.
@alessandro1997 here is my app/config/security.yml configuration

security:
    encoders:
        AG\MemberBundle\Entity\Member:
            id: member_saltedpassword_encoder

    role_hierarchy:
        ROLE_MEMBER: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_MEMBER, ROLE_ALLOWED_TO_SWITCH]

    providers:
        member_db:
            entity: { class: AGMemberBundle:Member, property: email }

    firewalls:
        members:
            pattern:  ^/account
            security: true
            form_login: 
                login_path: /account/login
                check_path: /account/login/check
                post_only: true
                username_parameter:  _email
                password_parameter:  _password
                default_target_path: /account/
                always_use_default_target_path: true
                # csrf token options
                csrf_parameter: _csrf_token
                intention: authenticate
            provider: member_db
            logout:
                path: /account/logout
                target: /
            remember_me:
                key:      "qwewqeqwerwxeweqweqwe"
                lifetime: 3600
                path:     /
                domain:   ~ # Defaults to the current domain from $_SERVER
        pages:
            pattern: ^/
            security: true
            anonymous: ~

    access_control:
        - { path: ^/account, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s happening because You are using two separate firewalls and You authenticate user only to one firewall – they are completely separate security systems. You should set up only one firewall and use access_control with diffrent roles signed.

    I’ve had very similar problem – check it out here -> Symfony 2 – firewall and access control issue

    • 0