8000 Confusing key roles in security.yaml > access_control · Issue #31328 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

Confusing key roles in security.yaml > access_control #31328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
TomPradat opened this issue Apr 30, 2019 · 6 comments
Closed

Confusing key roles in security.yaml > access_control #31328

TomPradat opened this issue Apr 30, 2019 · 6 comments
Labels
Feature SecurityBundle

Comments

@TomPradat
Copy link

Description
I know this is not a new topic but I find the key roles in the access_control part very disturbing, i spend hours to understand that i can put attributes there too.

I think this is not clear in the documentation.

Maybe we should juste update the documentation to make it clear or change the key name for something else
@TomPradat
Copy link
Author

This is related to #21029

@linaori
Copy link
Contributor
linaori commented Apr 30, 2019

In particular relates to my comment in #21029 (comment): Problem 2 - Unintuitive behavior

@chalasr
Copy link
Member
chalasr commented Apr 30, 2019

👍 for renaming

@wouterj
Copy link
Member
wouterj commented Mar 15, 2020

I'm all in for renaming, but I don't think we've yet come up with a great alternative (we're also struggling with this in the documentation).

attribute is imho not very describing (and in fact confusing, as Token#getAttributes() is not related to this attribute concept, see also e.g. symfony/symfony-docs#4158).

@mab05k
Copy link
mab05k commented Apr 12, 2020

Is this syntax for configuring roles no longer acceptable? (since upgrading from 4.4.x to 5.x.x)

    access_control:
        - path: ^/api/instruments.*
          roles:
            - ROLE_PERFORMANCE_READ
            - ROLE_ACCOUNT_READ
            - ROLE_CONFIGURATION_READ
          methods: [ GET ]

Replacing the roles section with

allow_if: "is_granted('ROLE_PERFORMANCE_READ') or is_granted('ROLE_ACCOUNT_READ') or is_granted('ROLE_CONFIGURATION_READ')"

seems to fix my issue, but seems less intuitive and is not well documented.

@linaori
Copy link
Contributor
linaori commented Apr 12, 2020

@mab05k should be fixed in 5.0.8: #36283

@xabbuh xabbuh closed this as completed Apr 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature SecurityBundle
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@wouterj @linaori @xabbuh @chalasr @mab05k @TomPradat
0