Access deny all controllers except few. Symfony 3

How to deny access to all controllers except some?

If I use annotations, then everything is fine. The index method is available to the manager, the ROLE_MANAGER in the method overrides the ROLE_ADMIN

 * @Security("has_role('ROLE_ADMIN')")
 class TestController extends Controller
     * @Security("has_role('ROLE_MANAGER')")
    public function index(): Response
        return new Response('Test');

If I deny access to everyone except admins, then the override in the controller does not work. My access_control in security.yml:

    - { path: ^/login,      role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/,       role: ROLE_ADMIN }

I can write all the routes in the access_control, but the list is too big and it’s inconvenient. And it is more convenient to use annotations in the controller.

I want to do this so that when a new controller is created, it is only available to ROLE_ADMIN by default.

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *