I have an application with frontend and backend sides. Both share the same FOSUserBundle users table. The logic behind the application I'm working on doesn't allow "admin" (ROLE_ADMIN or group ADMIN) to be logged in at the frontend, so I need to catch in the login flow whether the user belongs to group ADMIN or has ROLE_SUPERADMIN or ROLE_ADMIN credentials. I think this could be done in some way in the Security flow from Symfony2 itself, but how? What do I need to do to catch that and, if the user belongs, redirect to the login form (from FOSUserBundle) or allow it to get into the frontend? Any help? Some code? Examples?
security.yml file content:

Regarding the user's answer, this is how my security.yml file is configured:

    role_hierarchy:
        ROLE_USER: ROLE_USER
        ROLE_ADMIN: ROLE_ADMIN

    access_control:
        # Anonymous area
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/registro, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/cedula, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/rif, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/correo, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/usuario, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/razon_social, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/registro_mercantil, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/padre, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/correo_alternativo, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/paises, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/estados, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/ciudades, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/municipios, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/parroquias, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/empresas, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # Secured area
        - { path: ^/, role: ROLE_USER }
        - { path: ^/admin, role: ROLE_ADMIN }

But users with ROLE_ADMIN can still log in at the frontend (/) and they shouldn't, right? What's wrong then?
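
An added example, not part of the original question and not Symfony or FOSUserBundle code: a stand-alone PHP model of how access_control picks a rule (only the first entry whose path matches is enforced), run over the rule order posted above and over a reordered copy. The helper names and the two sample users are hypothetical; the admin's roles assume the stock FOSUserBundle user, whose getRoles() always adds ROLE_USER.

```php
<?php
// Added illustration, not Symfony's or FOSUserBundle's code.
// Models the documented access_control behaviour: first matching path wins.

// Same order as the question's security.yml (anonymous entries abridged).
$asPosted = [
    ['path' => '^/login$', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
    ['path' => '^/',       'role' => 'ROLE_USER'],
    ['path' => '^/admin',  'role' => 'ROLE_ADMIN'],
];
// Same entries with the more specific ^/admin rule moved above ^/.
$reordered = [$asPosted[0], $asPosted[2], $asPosted[1]];

// Hypothetical helper: return the first rule whose regex matches the URI.
function firstMatch(array $rules, string $uri): ?array
{
    foreach ($rules as $rule) {
        if (preg_match('#' . $rule['path'] . '#', $uri) === 1) {
            return $rule;
        }
    }
    return null; // no rule: access_control does not restrict the request
}

// Hypothetical helper: is a user holding $roles allowed to request $uri?
function isAllowed(array $rules, string $uri, array $roles): bool
{
    $rule = firstMatch($rules, $uri);
    if ($rule === null || $rule['role'] === 'IS_AUTHENTICATED_ANONYMOUSLY') {
        return true;
    }
    return in_array($rule['role'], $roles, true);
}

// Constructed users. Assumption: the stock FOSUserBundle User::getRoles()
// always adds ROLE_USER, so an admin account holds both roles.
$users = ['admin' => ['ROLE_ADMIN', 'ROLE_USER'], 'customer' => ['ROLE_USER']];

foreach (['as posted' => $asPosted, 'reordered' => $reordered] as $label => $rules) {
    foreach (['/', '/admin/users'] as $uri) {
        foreach ($users as $name => $roles) {
            $rule = firstMatch($rules, $uri);
            printf("%-9s %-12s %-8s rule=%-8s %s\n", $label, $uri, $name,
                $rule['path'], isAllowed($rules, $uri, $roles) ? 'allowed' : 'denied');
        }
    }
}
```

In the posted order every URI under /admin is decided by the ^/ entry, so the ROLE_ADMIN requirement is never evaluated. In both orders the admin account still passes the ^/ rule because it holds ROLE_USER, so path rules that only require ROLE_USER do not keep admins out of the frontend.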