Symfony2 - Why voters are called even for SuperAdmins
K

1

3

I noticed that my voters are solicited even for SuperAdmin users.

Is it working as expected?

If yes, I thought that the philosophy of SuperAdmin is that they systematically have all rights, so that we don't have to give them each permission one by one. In that case, why not grant access to all voters?

Do I always have to put

if ($user->isSuperAdmin()) {
    return VoterInterface::ACCESS_GRANTED;
}

in my voters ?

Keil answered 5/8, 2013 at 14:14 Comment(3)
ROLE_SUPER_ADMIN is only a convention, and defined through the role hierarchy. So you have to make the check. - Veljkov
It is indeed a convention but not only. It is automatically granted to all roles without specifying it in the hierarchy. It even gets its own isSuperAdmin() check already implemented. - Keil
Nope, it's not hardcoded in the framework. The isSuperAdmin() check is provided by the FOSUserBundle, in which this role is "hardcoded". - Veljkov
B
5

In the IddqdVoter class, you have a special role called ROLE_IDDQD.

This voter adds a special role ROLE_IDDQD which effectively bypasses any and all security checks (including voters).

This is what you're looking for. More: IDDQD Voter

You can even set an alias for the IDDQD role, so I guess that you can alias the ROLE_SUPER_ADMIN to the ROLE_IDDQD. If you can't do that, simply grant the ROLE_SUPER_ADMIN the ROLE_IDDQD and you're ready to go.

In order to use this special role, you'll have to enable it by doing so:

#config.yml
jms_security_extra:
    enable_iddqd_attribute: true
Bobbi answered 5/8, 2013 at 14:45 Comment(0)
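
An added example, not part of the original thread or of any bundle mentioned in it: a single Symfony 2.x voter that performs the super-admin check once, instead of repeating it in every voter. The class name, namespace and service id are assumptions; a single grant only settles the decision under the default `affirmative` strategy, because under `unanimous` another voter's ACCESS_DENIED still wins.

```php
<?php
// Hypothetical class and namespace, written against the Symfony 2.x voter API.
namespace AppBundle\Security;

use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;

// Register it as a voter (assumed service id), e.g. in services.yml:
//
//   app.super_admin_voter:
//       class: AppBundle\Security\SuperAdminVoter
//       arguments: ['@security.role_hierarchy']
//       public: false
//       tags: [{ name: security.voter }]
class SuperAdminVoter implements VoterInterface
{
    private $roleHierarchy;

    public function __construct(RoleHierarchyInterface $roleHierarchy)
    {
        $this->roleHierarchy = $roleHierarchy;
    }

    // Claim every attribute and class so this voter takes part in each decision.
    public function supportsAttribute($attribute)
    {
        return true;
    }

    public function supportsClass($class)
    {
        return true;
    }

    public function vote(TokenInterface $token, $object, array $attributes)
    {
        // Expand the token's roles through role_hierarchy so inherited roles count too.
        foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) {
            if ('ROLE_SUPER_ADMIN' === $role->getRole()) {
                return VoterInterface::ACCESS_GRANTED;
            }
        }

        // Not a super admin: stay neutral and let the other voters decide.
        return VoterInterface::ACCESS_ABSTAIN;
    }
}
```

Unlike a global bypass role, this keeps the grant in one reviewable class that can be narrowed later (for example by restricting `supportsClass()`), and the other voters still run for every non-super-admin user.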
