fosuserbundle - Symfony impersonation - separate firewalls and separate user providers -
i have symfony application 2 firewalls, 1 admins , 1 normal users.
admin: provider: admin # etc main_site: form_login: provider: fos_userbundle csrf_provider: form.csrf_provider i'd admin users able impersonate normal users. how can this, given they're using separate firewalls , separate user providers?
there several things had work.
context key: described here, had give both firewalls same context. without this, admins taken login page when trying switch users.
config on both firewalls: had add basic switch_user configuration keys both firewalls:
switch_user: role: role_admin if put config on main_site firewall, admins got access denied message when exiting impersonation , going admin page. (for example, route /admin/dashboard?_switch_user=_exit give 403).
provider key on main_site's config:
main_site: switch_user: role: role_admin provider: fos_userbundle without this, got error "switch user failed - user@example.com not found". digging code, turned out admin user provider being used, , of course normal users couldn't found when using provider.
(provider key switch_user config discussed here.)
alternatively, have added provider key firewall itself:
main_site: switch_user: role: role_admin provider: fos_userbundle you'll see config in question fos_userbundle specified provider form_login, not main_site whole, why wasn't being used until added it. adding in either place (impersonation config or whole firewall) trick.
here's full set of relevant config:
admin: provider: admin # have put basic switch_user config on both firewalls switch_user: role: role_admin # both admin , main_site firewalls have same context, allow # cross-firewall impersonation # https://stackoverflow.com/a/17991481/328817 context: boardworks main_site: form_login: provider: fos_userbundle csrf_provider: form.csrf_provider switch_user: role: role_admin # have explicitly set provider, otherwise site use admin # user provider when looking users whom admins trying impersonate provider: fos_userbundle # rather adding provider above, have added here: #provider: fos_userbundle 
Comments
Post a Comment