Alright, well, it looks like I misunderstood how roles are actually used by
this bundle. Now that I've looked into it while not half asleep and I've
more closely examined the code, it actually makes a lot more sense why it's
done this way, and it's far easier than I was making it. Now I just feel
silly. :) You have to explicitly add roles to each user and then store them
in the database.
For example, to add the ROLE_MEMBER role to Carl:
$userManager = $this->container->get('fos_user.user_manager');
$user = $userManager->findUserBy(array('username' => 'Carl'));
$user->addRole('ROLE_MEMBER');
$userManager->updateUser($user); // persists the object
The role hierarchy only appears to apply when determining the access_control
portion of security.yml. Perhaps that's the case for the built-in security
component too and I just misunderstood portions of the documentation, which
seems likely. The only problem I have now is updating the user's session
when there are changes in roles while they're logged in (I doubt this is
difficult -- I just haven't looked it up yet).
Apparently I was more tired yesterday than I thought. It all makes sense
today... ;)
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
