symfony credentials issue with sfDoctrineGuard 5.x

I am using sfDoctrineGuard 5.x and I have configured my module credentials in security.yml like this:

all:
  is_secure: true
  credentials: [ admin ]

and my app/backend/config/security.yml:

default:
  is_secure: true

I have tested using:

$this->getUser()->hasPermission('vendor'): returned true $this->getUser()->hasPermission('admin'): returned false

so I guess the users are inheriting credentials right. But still users with other credentials can access the module!

I have 3 types of group admin, client and vendor and similar permissions: admin, client and vendor!

And users having 'client' or 'vendor' credentials can access the module ignoring the credentials defined in the security.yml after login !

What could be the problem? Can anyone give me some direction?

oh, I am using sfForkedApplyPlugin for registration and prof开发者_运维百科ile editing process, which I don't think causing the issue, as I am testing with predefined fixture data.

I figured out the problem just now! It was the *is_super_admin* field in *sf_guard_user* table which was set to 1 for all my dummy users in fixture.yml :) ! That's why every users were getting access to all modules bypassing the credentials!