E1.33 Php Symfony Security: Role based controller protection (Wpf, Xamarin, Angular SPA, Reactjs SPA) - chempkovsky/CS2WPF-and-CS2XAMARIN GitHub Wiki
One declarative way
One of the way to protect controllers is to use access_control of the security.yaml
With a code
- To protect by only one role
- put the following line at the beginning of each method
$this->denyAccessUnlessGranted('ROLE_ADMIN');
- To protect by multiple roles
- put the following line at the beginning of each method (User must have at least one of the roles)
if(!($this->isGranted('ROLE_ADMIN') || $this->isGranted('ROLE_EMP'))) {
$exception = $this->createAccessDeniedException('This is your message here');
// $exception->setAttributes($attribute);
// $exception->setSubject($subject);
throw $exception;
}
- To protect by multiple roles
- put the following line at the beginning of each method. (User must have two roles)
if(!($this->isGranted('ROLE_ADMIN') && $this->isGranted('ROLE_EMP'))) {
$exception = $this->createAccessDeniedException('This is your message here');
// $exception->setAttributes($attribute);
// $exception->setSubject($subject);
throw $exception;
}