New in Symfony 2.7: Inherited security roles in the web profiler
Symfony 2.6 was released less than a month ago, but we are already working hard on new features for Symfony 2.7. The first significant new feature is related to hierarchical security roles.
In Symfony applications, you can define a hierarchy of security roles to avoid associating many roles to users. Consider the following simple example:
1 2 3 4
# app/config/security.yml security: role_hierarchy: ROLE_ADMIN: [ROLE_USER, FEATURE_ALPHA, ROLE_ALLOWED_TO_SWITCH]
This configuration tells Symfony that whenever a user is granted with the
ROLE_ADMIN role, he/she is implicitly granted the
ROLE_ALLOWED_TO_SWITCH roles too.
However, when you browse the Security panel of the Symfony Profiler, you can only see the user's roles but not the inherited roles. Since this last information is very useful, in Symfony 2.7 you'll get the full security role information for the user, including the direct roles and the inherited ones:
Comments are closed.
To ensure that comments stay relevant, they are closed for old posts.