0

I've just upgraded my Sylius install to the latest version and have tried to introduce some authorization elements to my code.

So I'm adding a custom role to the security.yml file:

- { path: "^/pro-account.*", role: ROLE_PRO }

The only problem is, the access control doesn't update to match the new role granted to the user. When I navigate to a page with the route - app_dev.php/pro-account/providers/ I'm given an access denied page.

In the account area, I have changed the menu provider to show extra menu items depending on the role. So the code if ($this->tokenStorage->getToken()->getUser()->hasRole('ROLE_PRO')) { correctly identifies the user as a ROLE_PRO user. But the access control system doesn't.

The annoying bit is, if I log out then log back in it works. I just don't know how to correctly refresh the token. I would have thought it would automatically do this.

Do I need to add some additional code to my addRole code?

$user = $this->get('security.token_storage')->getToken()->getUser();

$user->addRole('ROLE_ADSUP_PRO');

$em = $this->getDoctrine()->getManager();
$em->persist($user);
$em->flush();
Brett

2 Answers

0

So the temporary solution that I've found is to recreate the token after adding the new role to the user:

$token = new \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken(
  $user,
  null,
  'shop',
  $user->getRoles()
);

$this->container->get('security.context')->setToken($token);
Brett
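A simplified model of why the menu check and the access control disagree in the question, and why rebuilding the token as in the answer above resolves it. This is an added example, not code from the post or from Symfony or Sylius: the User and Token classes, isGranted() and refreshToken() are hypothetical stand-ins that assume the token keeps the roles it was built with at login and that access control reads only those.

```php
<?php
// Hypothetical stand-ins, NOT Symfony's classes: they model role handling only.
final class User
{
    private $roles;
    public function __construct(array $roles) { $this->roles = $roles; }
    public function addRole($role)
    {
        if (!in_array($role, $this->roles, true)) { $this->roles[] = $role; }
    }
    public function hasRole($role) { return in_array($role, $this->roles, true); }
    public function getRoles() { return $this->roles; }
}

final class Token
{
    private $user;
    private $firewall;
    private $roles;
    // Roles are copied by value once, when the token is built (as at login).
    public function __construct(User $user, $firewall, array $roles)
    {
        $this->user = $user;
        $this->firewall = $firewall;
        $this->roles = $roles;
    }
    public function getUser() { return $this->user; }
    public function getFirewall() { return $this->firewall; }
    public function getRoles() { return $this->roles; }
}

// access_control-style decision: looks at the token's roles, never the user's.
function isGranted(Token $token, $role)
{
    return in_array($role, $token->getRoles(), true);
}

// Rebuild the token from the user's current roles, keeping the same firewall.
function refreshToken(Token $old)
{
    $user = $old->getUser();
    return new Token($user, $old->getFirewall(), $user->getRoles());
}

$user  = new User(['ROLE_USER']);                     // constructed sample user
$token = new Token($user, 'shop', $user->getRoles()); // state right after login
$user->addRole('ROLE_PRO');                           // role granted mid-session
var_dump($token->getUser()->hasRole('ROLE_PRO'));     // the menu provider's check
var_dump(isGranted($token, 'ROLE_PRO'));              // the access control check
var_dump(isGranted(refreshToken($token), 'ROLE_PRO')); // after rebuilding the token
```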
0

Maybe this parameter is enough, no? https://stackoverflow.com/a/28781869

security:
    always_authenticate_before_granting: true
Nicolas A.
  • Tried that, it didn't change anything. Might try it again and make sure I do a cache clear – Brett Aug 31 '16 at 13:00