I'm new to Symfony 3. I'm trying to configure the routes that users and admins can access. I have two roles: `ROLE_USER` and `ROLE_ADMIN`. I've configured my `security.xml` as follows:

```yaml
role_hierarchy:
    ROLE_ADMIN: ROLE_USER
    ROLE_SUPER_ADMIN: ROLE_ADMIN
access_control:
    - { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_ADMIN }
    - { path: ^/, role: ROLE_USER }
```

I want to allow the `ROLE_ADMIN` users to access all routes except `login`.

And I want to allow the `ROLE_USER` users to access all routes except `login` and `admin`.

I'm not sure why, but it looks like all `ROLE_ADMIN` users also receive the `ROLE_USER`. And I've set the `ROLE_USER` to access all routes (by setting `^/` in its path), which includes the `/admin` and `/login` routes.

The question is: how can I set the path to correctly disallow `ROLE_USER` from accessing the `/admin` and `/login` routes?
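
A small Python model of how Symfony evaluates the `access_control` list in the question: rules are tried in order, only the first matching rule applies, and roles are expanded through `role_hierarchy`. This is an added example, not part of the original post and not Symfony's own code; the function names are hypothetical.

```python
import re

# Rules and hierarchy copied from the configuration in the question.
ROLE_HIERARCHY = {"ROLE_ADMIN": ["ROLE_USER"], "ROLE_SUPER_ADMIN": ["ROLE_ADMIN"]}
ACCESS_CONTROL = [
    (r"^/login", "IS_AUTHENTICATED_ANONYMOUSLY"),
    (r"^/admin/", "ROLE_ADMIN"),
    (r"^/", "ROLE_USER"),
]

def reachable_roles(roles):
    """Expand assigned roles through the hierarchy (ROLE_ADMIN also yields ROLE_USER)."""
    seen, stack = set(), list(roles)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(ROLE_HIERARCHY.get(role, []))
    return seen

def matching_rule(path, rules=ACCESS_CONTROL):
    """Return the first rule whose pattern matches; later rules are never consulted."""
    for pattern, required in rules:
        if re.search(pattern, path):
            return pattern, required
    return None

def is_granted(roles, path, rules=ACCESS_CONTROL):
    """Decide access for a user holding `roles` (empty list models an anonymous visitor)."""
    rule = matching_rule(path, rules)
    if rule is None:
        return True  # no access_control entry applies to this path
    required = rule[1]
    if required == "IS_AUTHENTICATED_ANONYMOUSLY":
        return True  # granted to anonymous and logged-in users alike
    return required in reachable_roles(roles)

if __name__ == "__main__":
    # Constructed sample paths, chosen to hit each rule and the trailing-slash edge case.
    for path in ("/login", "/admin/users", "/admin", "/profile"):
        print(path, matching_rule(path),
              "user:", is_granted(["ROLE_USER"], path),
              "admin:", is_granted(["ROLE_ADMIN"], path))
```

With the posted rules, a `ROLE_USER` request for `/admin/users` is denied because `^/admin/` matches before `^/`, while `/admin` without the trailing slash falls through to the `^/` rule.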