0
問題は...Symfony ADMIN_ROLEがSUPER_ADMIN_ROLEを偽装するのを防ぐにはどうすればよいですか?
すべてのユーザーを偽装するようにADMIN_ROLEを構成しました。 しかし、私はSUPER_AMIN_ROLEを持っています。新しいADMINを追加して、いくつかの重要なアプリケーションを変更することができます。
これらのADMIN_ROLEが自分のアカウントを偽装するのを防ぐにはどうすればよいですか?
# To get started with security, check out the documentation:
# http://symfony.com/doc/current/book/security.html
security:
encoders:
AppBundle\Entity\Cliente: bcrypt
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
our_db_provider:
entity:
class: AppBundle:Cliente
property: cpf
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
anonymous: ~
form_login:
login_path: login
check_path: login
# activate different ways to authenticate
# http_basic: ~
# http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
# form_login: ~
# http://symfony.com/doc/current/cookbook/security/form_login_setup.html
logout:
path: /logout
target: /login
invalidate_session: true
remember_me:
secret: ~damMe~HIDDED
lifetime: ~damMe~HIDDED
path: /dashboard
switch_user: { role: ROLE_ADMIN }
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/cadastro, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/dashboard, roles: IS_AUTHENTICATED_REMEMBERED }
- { path: ^/cliente, roles: [ IS_AUTHENTICATED_FULLY, USER_ROLE ] }
- { path: ^/indicados, roles: [ IS_AUTHENTICATED_FULLY, USER_ROLE ] }
- { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
role_hierarchy:
ROLE_ADMIN: [ROLE_USER, ROLE_REGIONAL, ROLE_ALLOWED_TO_SWITCH]
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]