Security - MiguelFieira/AMO-HANDBOEK GitHub Wiki

Symfony is a PHP framework for web applications and a set of reusable PHP components. Symfony is used by thousands of web applications (including BlaBlaCar.com and Spotify.com) and most of the popular PHP projects (including Drupal and Magento).

Security Setup

In the "security.yaml"

In the config/packages/security.yaml

  1. Navigate to config/packages/security.yaml and scroll down to the "access_control" section
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }

// It should look like this

  2. You can also use paths that you already defined in "routes.yaml" (for more info see the Routing Tutorial).

For example, you made a Logboek CRUD and you only want an Admin user to access it, and you already added a path for it in "routes.yaml". You start by adding a new line like this: - { path: ^/chauffeur/, role: ROLE_ADMIN }

    # This is a comment

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }
        - { path: ^/chauffeur/, role: ROLE_ADMIN }
        # By adding ROLE_ADMIN we made sure that only a user logged in with ROLE_ADMIN or above will be able to access the page.

// Result after adding new line

What did we just add?

  • We added a "path" that we already defined in "config/routes.yaml" and a "role".
  • With the "role" that we defined in the "role_hierarchy" we can block users who have another role from accessing the page.
# I added a "Chauffeur" Role here as an example

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_CHAUFFEUR:   ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

How do we create a new role?

When defining a role you need 2 things: the name of the new role and the existing role that is lower than the new one (the role it inherits from).

For example:

If you want to create a role named ROLE_MODERATOR and you want it to have all the rights of ROLE_ADMIN, then you have to place something like this in the role_hierarchy: ROLE_MODERATOR: ROLE_ADMIN. This means that ROLE_MODERATOR is higher in the hierarchy than ROLE_ADMIN and has all the rights of ROLE_ADMIN (so is_granted("ROLE_ADMIN") will return true for a user who has the role ROLE_MODERATOR).
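To see how access_control and role_hierarchy work together, here is an added stand-alone PHP script (not part of this handbook or of Symfony itself) that models Symfony's hierarchy expansion and first-match access_control evaluation using the rules from this page, plus the ROLE_MODERATOR entry from the example above. It also shows what happens to paths that no rule matches, such as /admin without the trailing slash.

```php
<?php
// Added example, not from the handbook: a small stand-alone model of how Symfony
// evaluates role_hierarchy and access_control, using the rules from this page.
$roleHierarchy = [
    'ROLE_ADMIN'       => ['ROLE_USER'],
    'ROLE_CHAUFFEUR'   => ['ROLE_USER'],
    'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN'],
    'ROLE_MODERATOR'   => ['ROLE_ADMIN'], // the example role from the text
];
// Evaluated top to bottom; the FIRST rule whose regex matches the path wins.
$accessControl = [
    ['path' => '^/login$',     'roles' => ['IS_AUTHENTICATED_ANONYMOUSLY']],
    ['path' => '^/register',   'roles' => ['IS_AUTHENTICATED_ANONYMOUSLY']],
    ['path' => '^/resetting',  'roles' => ['IS_AUTHENTICATED_ANONYMOUSLY']],
    ['path' => '^/admin/',     'roles' => ['ROLE_ADMIN']],
    ['path' => '^/chauffeur/', 'roles' => ['ROLE_ADMIN']],
];

// Transitive closure over the hierarchy: this is why is_granted('ROLE_ADMIN')
// is true for a user who only has ROLE_MODERATOR.
function reachableRoles(array $roles, array $hierarchy): array {
    for ($i = 0; $i < count($roles); $i++) {
        foreach ($hierarchy[$roles[$i]] ?? [] as $child) {
            if (!in_array($child, $roles, true)) {
                $roles[] = $child;
            }
        }
    }
    return $roles;
}

// Roles required by the first matching rule, or null when nothing matches:
// an unmatched path gets no access_control restriction at all.
function requiredRoles(string $path, array $rules): ?array {
    foreach ($rules as $rule) {
        if (preg_match('{' . $rule['path'] . '}', $path) === 1) {
            return $rule['roles'];
        }
    }
    return null;
}

$user = reachableRoles(['ROLE_MODERATOR'], $roleHierarchy);
foreach (['/admin/users', '/admin', '/chauffeur/1/edit', '/login', '/login/oops'] as $path) {
    $required = requiredRoles($path, $accessControl);
    $granted  = $required !== null && (in_array('IS_AUTHENTICATED_ANONYMOUSLY', $required, true)
        || array_intersect($required, $user) !== []);
    $verdict  = $required === null ? 'NO RULE MATCHED (unrestricted)' : ($granted ? 'granted' : 'denied');
    printf("%-18s %-30s %s\n", $path, $required ? implode(',', $required) : '-', $verdict);
}
```

Running it shows /admin/users and /chauffeur/1/edit granted to the ROLE_MODERATOR user through the hierarchy, while /admin and /login/oops match no rule, so a route registered at such a path would not be protected by access_control.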

In the "Controller"
