Access deny all controllers except few. Symfony 3

How to deny access to all controllers except some?
I have roles: ROLE_SUPER_ADMIN, ROLE_ADMIN, ROLE_MANAGER.

If I use annotations, then everything is fine. The index method is available to the manager, the ROLE_MANAGER in the method overrides the ROLE_ADMIN

/**
 * @Security("has_role('ROLE_ADMIN')")
 */
 class TestController extends Controller
{
    /**
     * @Security("has_role('ROLE_MANAGER')")
     */
    public function index(): Response
    {
        return new Response('Test');
    }
 }

If I deny access to everyone except admins, then the override in the controller does not work. My access_control in security.yml:

access_control:
    - { path: ^/login,      role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/,       role: ROLE_ADMIN }

I can write all the routes in the access_control, but the list is too big and it’s inconvenient. And it is more convenient to use annotations in the controller.

I want to do this so that when a new controller is created, it is only available to ROLE_ADMIN by default.

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *