Category: roles

How to protect api plateform operations with privileges

I have an api plateform project (symfony) that contain an entity User with column Roles(array), I have 3 ROLES: ROLE_USER, ROLE_COMMERCIAL, ROLE_ADMIN, I am protecting my operations likes this: "get"={ "access_control"="is_granted(‘ROLE_ADMIN’)", "security_post_denormalize_message"="Sorry, Only admins can View Users List" } But…

Symfony: "Array to string conversion" error on Roles management

I’ve started exploring security on Symfony 4.4.7. User creation works and I can see its params saved on DB: MariaDB [(symfony)]> desc user; +———-+————–+——+—–+———+—————-+ | Field | Type | Null | Key | Default | Extra | +———-+————–+——+—–+———+—————-+ | id…

Symfony 5 : @IsGranted on method annotation doesn’t work on inherited role

I (obviously) searched for similar problems, but mine ain’t none of them. Here’s my case : I made a custom role : ROLE_SUPER_ADMIN My actual user is admin, his only role is ROLE_SUPER_ADMIN The role ROLE_SUPER_ADMIN inherits the ROLE_ADMIN (see…