Setting up security for each src folder in Symfony

I try to set up security per folder under src/ in Symfony. But I want a different set of security rules per main folder “General” and “Intranet” without having to prefix the routes… So I only have to prefix “Extranet”

Is that possible? I know that with a prefix in routing.yml it is very easy to do but that is not an option since the visible urls will suddenly change

The problem arises when we have to allow External users to our platform. For years it was only available for the companies’ employees only but now external people must have access to certain pages. And some general routes (ajax calls etc) must be available for all

  • src/
    • Intranet/ => Open routes for internal users
      • SomeBundle
    • General/ => Open routes for all users
      • AnotherBundle
    • Extranet/ => Open routes for external users
      • TheBestBundle

Then the Extranet routes all get an extra prefix /extranet/. But I would like to have the other 2 (General and Intranet) without any prefix

# routing.yml
    resource: "@ExtranetBundle/Controller/"
    prefix:   /extranet/

Then with access control I take care of the /extranet routes

    # Login and the base_route "/" is always available
    - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }

    # External users + Super admins + server IP's can only access urls starting with /extranet/
        path: ^/extranet/*
        ips: !php/const:SomeBundleSomeClassConstantProvider::ALLOWED_SERVER_IPS

    # Some routes need to be available for both internal and external users
    # but hopefully without having to prefix them


    # All other routes are only for internal users and the right ip addresses
        path: ^/*
        role: ROLE_INTERNAL_USER
        ips: !php/const:SomeBundleSomeClassConstantProvider::ALLOWED_SERVER_IPS

Or maybe an idea of approaching this problem differently?

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *