Symfony2 - Why voters are called even for SuperAdmins

StackOverflow https://stackoverflow.com/questions/18060443

Question

I noticed that my voters are solicited even for SuperAdmin users.

Is it working as expected ?

If yes, I thought that the philosophy of SuperAdmin is that they systematically have all rights, so that we don't have to give them each permission one by one. In that case why not granting access to all voters ?

Do I always have to put

if ($user->isSuperAdmin()) {
    return VoterInterface::ACCESS_GRANTED;
}

in my voters ?

Was it helpful?

Solution

In the IddqdVoter class, you have a special role called ROLE_IDDQD.

This voter adds a special role ROLE_IDDQD which effectively bypasses any, and all security checks (including voters).

This is what you're looking for. More : IDDQD Voter

You can even set an alias for the IDDQD role, so I guess that you can alias the ROLE_SUPER_ADMIN to the ROLE_IDDQD. If you can't do that, simply grant the ROLE_SUPER_ADMIN the ROLE_IDDQD and you're ready to go.

In order to use this special role, you'll have to enable it by doing so : 

#config.yml
jms_security_extra:
    enable_iddqd_attribute: true
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top