{"id":552,"date":"2020-01-25T12:32:15","date_gmt":"2020-01-25T11:32:15","guid":{"rendered":"https:\/\/numa-bord.com\/miniblog\/?p=552"},"modified":"2020-01-25T13:48:04","modified_gmt":"2020-01-25T12:48:04","slug":"symfony-5-limiter-la-possibilite-de-switch_user-en-fonction-du-role-de-lutilisateur-cible","status":"publish","type":"post","link":"https:\/\/numa-bord.com\/miniblog\/symfony-5-limiter-la-possibilite-de-switch_user-en-fonction-du-role-de-lutilisateur-cible\/","title":{"rendered":"Symfony 5: Restricting &quot;switch_user&quot; based on the target user&rsquo;s role."},"content":{"rendered":"<p>Symfony has a feature that lets certain users &quot;log in as&quot; any other user (<a href=\"https:\/\/symfony.com\/doc\/current\/security\/impersonating_user.html\">Documentation<\/a>). It is very useful for letting administrators log in to a customer&rsquo;s account and check any malfunctions that affect it. <\/p>\n<p>However, in its default behaviour, as soon as the &quot;ROLE_ALLOWED_TO_SWITCH&quot; role is granted to a user, that user can log in as every other existing user. This can be critical for the application&rsquo;s security, since the user can then gain every privilege. 
Concretely, take the fairly simple case of an application with 3 main user roles, &quot;ROLE_USER&quot;, &quot;ROLE_ADMIN&quot; and &quot;ROLE_SUPER_ADMIN&quot;, with the hierarchy defined like this:<\/p>\n<div class=\"codecolorer-container yaml default\" style=\"overflow:auto;white-space:nowrap;\"><div class=\"yaml codecolorer\"><span class=\"co4\">security<\/span><span class=\"sy2\">:<br \/>\n<\/span> &nbsp; &nbsp;<span class=\"co1\"># ...<\/span><span class=\"co4\"><br \/>\n&nbsp; &nbsp; firewalls<\/span>:<span class=\"co4\"><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; main<\/span><span class=\"sy2\">:<br \/>\n<\/span> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<span class=\"co1\"># enable the &quot;switch_user&quot; feature<\/span><span class=\"co3\"><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; switch_user<\/span><span class=\"sy2\">: <\/span>true &nbsp;<br \/>\n&nbsp; &nbsp; <span class=\"co1\"># <\/span><span class=\"co4\"><br \/>\n&nbsp; &nbsp; role_hierarchy<\/span>:<span class=\"co3\"><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; ROLE_ADMIN<\/span><span class=\"sy2\">: <\/span> &nbsp; &nbsp; &nbsp;<span class=\"br0\">&#91;<\/span>ROLE_USER, ROLE_ALLOWED_TO_SWITCH<span class=\"br0\">&#93;<\/span><span class=\"co3\"><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; ROLE_SUPER_ADMIN<\/span><span class=\"sy2\">: <\/span>ROLE_ADMIN<\/div><\/div>\n<p>This means that administrators and super admins can log in as any user. But it also means that plain administrators can become &quot;superadmin&quot; and thereby obtain rights they normally do not have. 
We will now see how to limit this.<\/p>\n<p>The goal is the following: administrators (&quot;ROLE_ADMIN&quot;) can log in as all other users (users and administrators) but not as super admins. For super admins nothing changes: they have full access.<br \/>\nThe Symfony documentation explains the procedure in its <a href=\"https:\/\/symfony.com\/doc\/current\/security\/impersonating_user.html#limiting-user-switching\">limiting user switching<\/a> section. Following that model, we change our configuration in 2 places: the &quot;switch_user&quot; property is given a &quot;CAN_SWITCH_USER&quot; attribute, and &quot;ROLE_ALLOWED_TO_SWITCH&quot;, which no longer serves any purpose, is removed from our hierarchy:<\/p>\n<div class=\"codecolorer-container yaml default\" style=\"overflow:auto;white-space:nowrap;\"><div class=\"yaml codecolorer\"><span class=\"co4\">security<\/span><span class=\"sy2\">:<br \/>\n<\/span> &nbsp; &nbsp;<span class=\"co1\"># ...<\/span><span class=\"co4\"><br \/>\n&nbsp; &nbsp; firewalls<\/span>:<span class=\"co4\"><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; main<\/span>:<span class=\"co3\"><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; switch_user<\/span><span class=\"sy2\">: <\/span><span class=\"br0\">&#123;<\/span> role<span class=\"sy2\">: <\/span>CAN_SWITCH_USER <span class=\"br0\">&#125;<\/span><br \/>\n&nbsp; &nbsp; <span class=\"co1\"># <\/span><span class=\"co4\"><br \/>\n&nbsp; &nbsp; role_hierarchy<\/span>:<span class=\"co3\"><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; ROLE_ADMIN<\/span><span class=\"sy2\">: <\/span> &nbsp; &nbsp; &nbsp;ROLE_USER<span class=\"co3\"><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; ROLE_SUPER_ADMIN<\/span><span class=\"sy2\">: <\/span>ROLE_ADMIN<\/div><\/div>\n<p>Next, still following the documentation, we create the corresponding &quot;Voter&quot;, 
but we run into a problem. We want to know the target user&rsquo;s role so that access can be refused if that user is a super admin. To do this cleanly, with the role hierarchy genuinely taken into account, we use our custom &quot;Securizer&quot; service, which makes it possible to call the &quot;isGranted&quot; method on any user. The purpose of this service is explained in more detail in <a href=\"https:\/\/numa-bord.com\/miniblog\/symfony-5-utiliser-la-fonction-isgranted-sur-nimporte-quel-objet-utilisateur\/\">the previous article<\/a>. In short, it is enough to create the following service:<\/p>\n<div class=\"codecolorer-container php default\" style=\"overflow:auto;white-space:nowrap;\"><div class=\"php codecolorer\"><span class=\"kw2\">namespace<\/span> App\\Service<span class=\"sy0\">;<\/span><br \/>\n<br \/>\n<span class=\"kw2\">use<\/span> App\\Entity\\User<span class=\"sy0\">;<\/span><span class=\"co1\">\/\/ our application's User entity<\/span><br \/>\n<span class=\"kw2\">use<\/span> Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken<span class=\"sy0\">;<\/span><br \/>\n<span class=\"kw2\">use<\/span> Symfony\\Component\\Security\\Core\\Authorization\\AccessDecisionManagerInterface<span class=\"sy0\">;<\/span><br \/>\n<br \/>\n<span class=\"kw2\">class<\/span> Securizer <span class=\"br0\">&#123;<\/span><br \/>\n<br \/>\n&nbsp; &nbsp; <span class=\"kw2\">private<\/span> <span class=\"re0\">$accessDecisionManager<\/span><span class=\"sy0\">;<\/span><br \/>\n<br \/>\n&nbsp; &nbsp; <span class=\"kw2\">public<\/span> <span class=\"kw2\">function<\/span> __construct<span class=\"br0\">&#40;<\/span>AccessDecisionManagerInterface <span class=\"re0\">$accessDecisionManager<\/span><span class=\"br0\">&#41;<\/span> <span 
class=\"br0\">&#123;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"re0\">$this<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">accessDecisionManager<\/span> <span class=\"sy0\">=<\/span> <span class=\"re0\">$accessDecisionManager<\/span><span class=\"sy0\">;<\/span><br \/>\n&nbsp; &nbsp; <span class=\"br0\">&#125;<\/span><br \/>\n<br \/>\n&nbsp; &nbsp; <span class=\"kw2\">public<\/span> <span class=\"kw2\">function<\/span> isGranted<span class=\"br0\">&#40;<\/span>User <span class=\"re0\">$user<\/span><span class=\"sy0\">,<\/span> <span class=\"re0\">$attribute<\/span><span class=\"sy0\">,<\/span> <span class=\"re0\">$object<\/span> <span class=\"sy0\">=<\/span> <span class=\"kw4\">null<\/span><span class=\"br0\">&#41;<\/span> <span class=\"br0\">&#123;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"re0\">$token<\/span> <span class=\"sy0\">=<\/span> <span class=\"kw2\">new<\/span> UsernamePasswordToken<span class=\"br0\">&#40;<\/span><span class=\"re0\">$user<\/span><span class=\"sy0\">,<\/span> <span class=\"st_h\">'none'<\/span><span class=\"sy0\">,<\/span> <span class=\"st_h\">'none'<\/span><span class=\"sy0\">,<\/span> <span class=\"re0\">$user<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">getRoles<\/span><span class=\"br0\">&#40;<\/span><span class=\"br0\">&#41;<\/span><span class=\"br0\">&#41;<\/span><span class=\"sy0\">;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"kw1\">return<\/span> <span class=\"br0\">&#40;<\/span><span class=\"re0\">$this<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">accessDecisionManager<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">decide<\/span><span class=\"br0\">&#40;<\/span><span class=\"re0\">$token<\/span><span class=\"sy0\">,<\/span> <span class=\"br0\">&#91;<\/span><span class=\"re0\">$attribute<\/span><span class=\"br0\">&#93;<\/span><span class=\"sy0\">,<\/span> <span class=\"re0\">$object<\/span><span class=\"br0\">&#41;<\/span><span 
class=\"br0\">&#41;<\/span><span class=\"sy0\">;<\/span><br \/>\n&nbsp; &nbsp; <span class=\"br0\">&#125;<\/span><br \/>\n<br \/>\n<span class=\"br0\">&#125;<\/span><\/div><\/div>\n<p>and to use it in our Voter for the &quot;CAN_SWITCH_USER&quot; attribute, which is now easy to set up by adapting the example from the documentation. The complete code is as follows:<\/p>\n<div class=\"codecolorer-container php default\" style=\"overflow:auto;white-space:nowrap;\"><div class=\"php codecolorer\"><span class=\"kw2\">&lt;?php<\/span><br \/>\n<span class=\"kw2\">namespace<\/span> App\\Security\\Voter<span class=\"sy0\">;<\/span><br \/>\n<br \/>\n<span class=\"kw2\">use<\/span> Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface<span class=\"sy0\">;<\/span><br \/>\n<span class=\"kw2\">use<\/span> Symfony\\Component\\Security\\Core\\Authorization\\Voter\\Voter<span class=\"sy0\">;<\/span><br \/>\n<span class=\"kw2\">use<\/span> Symfony\\Component\\Security\\Core\\Security<span class=\"sy0\">;<\/span><br \/>\n<span class=\"kw2\">use<\/span> App\\Service\\Securizer<span class=\"sy0\">;<\/span><br \/>\n<span class=\"kw2\">use<\/span> App\\Entity\\User<span class=\"sy0\">;<\/span><br \/>\n<br \/>\n<span class=\"kw2\">class<\/span> SwitchUserVoter <span class=\"kw2\">extends<\/span> Voter <span class=\"br0\">&#123;<\/span><br \/>\n<br \/>\n&nbsp; &nbsp; <span class=\"kw2\">private<\/span> <span class=\"re0\">$security<\/span><span class=\"sy0\">;<\/span><br \/>\n&nbsp; &nbsp; <span class=\"kw2\">private<\/span> <span class=\"re0\">$securizer<\/span><span class=\"sy0\">;<\/span><br \/>\n<br \/>\n&nbsp; &nbsp; <span class=\"kw2\">public<\/span> <span class=\"kw2\">function<\/span> __construct<span class=\"br0\">&#40;<\/span>Security <span class=\"re0\">$security<\/span><span class=\"sy0\">,<\/span> Securizer <span class=\"re0\">$securizer<\/span><span class=\"br0\">&#41;<\/span> <span 
class=\"br0\">&#123;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"re0\">$this<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">security<\/span> <span class=\"sy0\">=<\/span> <span class=\"re0\">$security<\/span><span class=\"sy0\">;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"re0\">$this<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">securizer<\/span> <span class=\"sy0\">=<\/span> <span class=\"re0\">$securizer<\/span><span class=\"sy0\">;<\/span><br \/>\n&nbsp; &nbsp; <span class=\"br0\">&#125;<\/span><br \/>\n<br \/>\n&nbsp; &nbsp; <span class=\"kw2\">protected<\/span> <span class=\"kw2\">function<\/span> supports<span class=\"br0\">&#40;<\/span><span class=\"re0\">$attribute<\/span><span class=\"sy0\">,<\/span> <span class=\"re0\">$subject<\/span><span class=\"br0\">&#41;<\/span> <span class=\"br0\">&#123;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"kw1\">return<\/span> <a href=\"http:\/\/www.php.net\/in_array\"><span class=\"kw3\">in_array<\/span><\/a><span class=\"br0\">&#40;<\/span><span class=\"re0\">$attribute<\/span><span class=\"sy0\">,<\/span> <span class=\"br0\">&#91;<\/span><span class=\"st_h\">'CAN_SWITCH_USER'<\/span><span class=\"br0\">&#93;<\/span><span class=\"br0\">&#41;<\/span> <span class=\"sy0\">&amp;&amp;<\/span> <span class=\"re0\">$subject<\/span> instanceof User<span class=\"sy0\">;<\/span><br \/>\n&nbsp; &nbsp; <span class=\"br0\">&#125;<\/span><br \/>\n<br \/>\n&nbsp; &nbsp; <span class=\"kw2\">protected<\/span> <span class=\"kw2\">function<\/span> voteOnAttribute<span class=\"br0\">&#40;<\/span><span class=\"re0\">$attribute<\/span><span class=\"sy0\">,<\/span> <span class=\"re0\">$subject<\/span><span class=\"sy0\">,<\/span> TokenInterface <span class=\"re0\">$token<\/span><span class=\"br0\">&#41;<\/span> <span class=\"br0\">&#123;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"re0\">$user<\/span> <span class=\"sy0\">=<\/span> <span 
class=\"re0\">$token<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">getUser<\/span><span class=\"br0\">&#40;<\/span><span class=\"br0\">&#41;<\/span><span class=\"sy0\">;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"co1\">\/\/ the user must be logged in and the target must be a user<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"kw1\">if<\/span> <span class=\"br0\">&#40;<\/span><span class=\"sy0\">!<\/span><span class=\"re0\">$user<\/span> instanceof User <span class=\"sy0\">||<\/span> <span class=\"sy0\">!<\/span><span class=\"re0\">$subject<\/span> instanceof User<span class=\"br0\">&#41;<\/span> <span class=\"br0\">&#123;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <span class=\"kw1\">return<\/span> <span class=\"kw4\">false<\/span><span class=\"sy0\">;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"br0\">&#125;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"co1\">\/\/ you cannot log in as yourself, it makes no sense<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"kw1\">if<\/span><span class=\"br0\">&#40;<\/span><span class=\"re0\">$user<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">getId<\/span><span class=\"br0\">&#40;<\/span><span class=\"br0\">&#41;<\/span> <span class=\"sy0\">==<\/span> <span class=\"re0\">$subject<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">getId<\/span><span class=\"br0\">&#40;<\/span><span class=\"br0\">&#41;<\/span><span class=\"br0\">&#41;<\/span><span class=\"br0\">&#123;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <span class=\"kw1\">return<\/span> <span class=\"kw4\">false<\/span><span class=\"sy0\">;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"br0\">&#125;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"co1\">\/\/ the user must have ROLE_ADMIN<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"kw1\">if<\/span> 
<span class=\"br0\">&#40;<\/span><span class=\"sy0\">!<\/span><span class=\"re0\">$this<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">security<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">isGranted<\/span><span class=\"br0\">&#40;<\/span><span class=\"st_h\">'ROLE_ADMIN'<\/span><span class=\"br0\">&#41;<\/span><span class=\"br0\">&#41;<\/span> <span class=\"br0\">&#123;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <span class=\"kw1\">return<\/span> <span class=\"kw4\">false<\/span><span class=\"sy0\">;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"br0\">&#125;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"co1\">\/\/ refused if I am not a super admin and the target is one (role name as declared in role_hierarchy: ROLE_SUPER_ADMIN)<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"kw1\">if<\/span> <span class=\"br0\">&#40;<\/span><span class=\"sy0\">!<\/span><span class=\"re0\">$this<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">security<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">isGranted<\/span><span class=\"br0\">&#40;<\/span><span class=\"st_h\">'ROLE_SUPER_ADMIN'<\/span><span class=\"br0\">&#41;<\/span> <span class=\"sy0\">&amp;&amp;<\/span> <span class=\"re0\">$this<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">securizer<\/span><span class=\"sy0\">-&gt;<\/span><span class=\"me1\">isGranted<\/span><span class=\"br0\">&#40;<\/span><span class=\"re0\">$subject<\/span><span class=\"sy0\">,<\/span> <span class=\"st_h\">'ROLE_SUPER_ADMIN'<\/span><span class=\"br0\">&#41;<\/span><span class=\"br0\">&#41;<\/span> <span class=\"br0\">&#123;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <span class=\"kw1\">return<\/span> <span class=\"kw4\">false<\/span><span class=\"sy0\">;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"br0\">&#125;<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span class=\"co1\">\/\/ otherwise it is allowed.<\/span><br \/>\n&nbsp; &nbsp; &nbsp; &nbsp; <span 
class=\"kw1\">return<\/span> <span class=\"kw4\">true<\/span><span class=\"sy0\">;<\/span><br \/>\n&nbsp; &nbsp; <span class=\"br0\">&#125;<\/span><br \/>\n<br \/>\n<span class=\"br0\">&#125;<\/span><\/div><\/div>\n<p>Everything is now ready and working. To sum up: by applying the second YAML configuration given in this article and creating the files for the two code listings, the security around our application&rsquo;s &quot;switch_user&quot; is in place and easy to customise. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Symfony has a feature that lets certain users &quot;log in as&quot; any other user (Documentation). It is very useful for letting administrators log in to a customer&rsquo;s account and check any malfunctions that affect it. However, in its default behaviour, as soon as [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2,3],"tags":[],"class_list":["post-552","post","type-post","status-publish","format-standard","hentry","category-developpement","category-symfony"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Symfony 5: Restricting &quot;switch_user&quot; based on the target user&#039;s role. 
- Pense b\u00eate d&#039;un d\u00e9veloppeur web<\/title>\n<meta name=\"author\" content=\"Numa\" \/>\n<!-- \/ Yoast SEO plugin. -->"}