From 1522de7c4143081275ad6bd5fa5e872116a135d4 Mon Sep 17 00:00:00 2001 From: Jonathan Johnson Date: Thu, 11 Sep 2014 23:53:41 -0700 Subject: [PATCH 1/4] Caution that roles should start with ROLE_ In order to save someone else a few hours of frustration make it clear that the ROLE_ preface is not just for show. --- cookbook/security/entity_provider.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cookbook/security/entity_provider.rst b/cookbook/security/entity_provider.rst index 5943ea396c5..7a63b2c5dfa 100644 --- a/cookbook/security/entity_provider.rst +++ b/cookbook/security/entity_provider.rst @@ -651,6 +651,11 @@ about in this section. If you fail to return any roles, it may appear as if your user isn't authenticated at all. +.. caution:: + + The default role voter requires that all of the roles returned should be prefaced by ROLE_. + Example ROLE_ADMIN, ROLE_USER; not just ADMIN or USER. + In this example, the ``AcmeUserBundle:User`` entity class defines a many-to-many relationship with a ``AcmeUserBundle:Role`` entity class. A user can be related to several roles and a role can be composed of From 9d1393012b6fab4b877005dff9e00b38f0d98407 Mon Sep 17 00:00:00 2001 From: Jonathan Johnson Date: Fri, 12 Sep 2014 10:24:44 -0700 Subject: [PATCH 2/4] Add formatting, links, and clarity --- cookbook/security/entity_provider.rst | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/cookbook/security/entity_provider.rst b/cookbook/security/entity_provider.rst index 7a63b2c5dfa..ae32cc78a4c 100644 --- a/cookbook/security/entity_provider.rst +++ b/cookbook/security/entity_provider.rst 
@@ -653,8 +653,11 @@ about in this section. .. caution:: - The default role voter requires that all of the roles returned should be prefaced by ROLE_. - Example ROLE_ADMIN, ROLE_USER; not just ADMIN or USER. + In order to work with the security configuration examples on this page + all roles must be prefixed with ``ROLE_`` (see + the :ref:`section about roles ` in the book). For + example, your roles will be ``ROLE_ADMIN`` or ``ROLE_USER`` instead of + ``ADMIN`` or ``USER``. In this example, the ``AcmeUserBundle:User`` entity class defines a many-to-many relationship with a ``AcmeUserBundle:Role`` entity class. From f856641f455185c248cd69764bd62ce52be83f1e Mon Sep 17 00:00:00 2001 From: Jonathan Johnson Date: Fri, 12 Sep 2014 13:52:22 -0700 Subject: [PATCH 3/4] Add label book-security-roles --- book/security.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/book/security.rst b/book/security.rst index c4f259c874f..f0718250306 100644 --- a/book/security.rst +++ b/book/security.rst @@ -1652,6 +1652,8 @@ the default for the firewall as a whole). For more information about user provider and firewall configuration, see the :doc:`/reference/configuration/security`. +.. _book-security-roles: + Roles ----- @@ -1726,7 +1728,7 @@ Access Control Now that you have a User and Roles, you can go further than URL-pattern based authorization. -.. _book-security-securing-controller: +..book-security-securing-controller: Access Control in Controllers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 749996bf54b7b654c661d264e92d20298518bbbd Mon Sep 17 00:00:00 2001 From: Jonathan Johnson Date: Fri, 12 Sep 2014 14:18:39 -0700 Subject: [PATCH 4/4] Fix reference label --- book/security.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/security.rst b/book/security.rst index f0718250306..a2fb093e373 100644 --- a/book/security.rst +++ b/book/security.rst 
@@ -1728,7 +1728,7 @@ Access Control Now that you have a User and Roles, you can go further than URL-pattern based authorization. -..book-security-securing-controller: +.. _book-security-securing-controller: Access Control in Controllers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
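Review bot: In PATCH 1/4, the caution added to cookbook/security/entity_provider.rst states the requirement as "should be prefaced by ROLE_" and leaves ROLE_, ROLE_ADMIN and ROLE_USER as plain text. Say "must be prefixed with" so it reads as a hard requirement of the default role voter, and mark the role names as ``ROLE_`` style literals. Since 2/4 rewrites these same five lines the next day, squash the two commits so the series does not carry an intermediate wording.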
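Review bot: In PATCH 2/4, the ``:ref:`` inside the rewritten caution in cookbook/security/entity_provider.rst shows only the link text "section about roles" with no explicit label target, and the label it is meant to reach (``book-security-roles``) is only introduced by 3/4, so at this commit the reference cannot resolve. Give the role an explicit target and move the label addition ahead of this patch, or squash them. The new wording also drops the reason given in 1/4 (the default role voter); keeping that clause tells readers why a role named ``ADMIN`` fails to match instead of presenting the prefix as a convention of "the examples on this page".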
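Review bot: In PATCH 3/4, the second hunk of book/security.rst (above "Access Control in Controllers") changes ``.. _book-security-securing-controller:`` to ``..book-security-securing-controller:``, which is no longer a label definition, so every existing reference to that target breaks at this commit. The change is unrelated to adding ``book-security-roles``; drop the hunk from 3/4 rather than reverting it in 4/4, so that each commit in the series builds on its own and 4/4 becomes unnecessary.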