To check if a user have access to a controller depending on his role we usually do something like this in the top of the controller:
$this->denyAccessUnlessGranted('ROLE_ADMIN');
or use annotation:
/**
* @Security("has_role('ROLE_ADMIN')")
*/
And all protected controllers have such a check.
Is it possible to put this check in a route settings, eg this way or somehow similar:
protected_route:
path: /top_secret
defaults: { _controller: '...', roles: [ROLE_ADMIN] }
?
Yes you should look at this page:
http://symfony.com/doc/current/book/security.html#securing-url-patterns-access-control
# app/config/security.yml
security:
# ...
firewalls:
# ...
access_control:
# require ROLE_ADMIN for /admin*
- { path: ^/admin, roles: ROLE_ADMIN }
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.