There are several ways to handle authorization on your site with Symfony.
The first is in your security.yml, at the same level as the firewalls key:
    access_control:
        - { path: ^/admin, roles: ROLE_USER }
This blocks all users that don’t have ‘ROLE_USER’ from the admin page (any URL path matching ^/admin).
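As an added example (not from the original post and not Symfony's own code), this standalone PHP script mimics how access_control picks a rule: the path is a regular expression and the first matching rule wins. The second rule, the helper names and the sample paths are constructed for illustration.

```php
<?php
// Added illustration, not Symfony's own code: mimics how access_control
// selects a rule. Symfony applies the FIRST rule whose path regex matches.

// Constructed rule set; the first entry is the rule from this page.
$rules = [
    ['path' => '^/admin', 'role' => 'ROLE_USER'],
    // Hypothetical stricter rule: shadowed by the broader rule above it.
    ['path' => '^/admin/users', 'role' => 'ROLE_ADMIN'],
];

/** Return the first rule matching the request path, or null when none applies. */
function matchRule(array $rules, string $path): ?array
{
    foreach ($rules as $rule) {
        // '#' as delimiter so slashes in the pattern need no escaping.
        if (preg_match('#' . $rule['path'] . '#', $path) === 1) {
            return $rule;
        }
    }
    return null;
}

/** Decide access for a user holding $userRoles (hypothetical helper). */
function isAllowed(array $rules, string $path, array $userRoles): bool
{
    $rule = matchRule($rules, $path);
    if ($rule === null) {
        return true; // no rule matched: access_control does not restrict this path
    }
    return in_array($rule['role'], $userRoles, true);
}

// Constructed sample requests: [path, roles held by the user].
$cases = [
    ['/admin', ['ROLE_USER']],       // the case from this page
    ['/admin/users', ['ROLE_USER']], // rule 1 matches first, so rule 2 is never consulted
    ['/administrator', []],          // ^/admin is a prefix match, so this path is covered too
    ['/blog/admin', []],             // ^ anchors the start of the path, so no rule applies
];
foreach ($cases as [$path, $roles]) {
    printf("%-16s roles=[%s] => %s\n", $path, implode(',', $roles),
        isAllowed($rules, $path, $roles) ? 'allowed' : 'denied');
}
```

When you mix broad and narrow rules, list the more specific path first so that it is the one that matches.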
The second option is to check in the controller. Inside the action method, insert:
    // Ask the authorization checker whether the current user has ROLE_ADMIN
    if (!$this->get('security.authorization_checker')->isGranted('ROLE_ADMIN')) {
        throw $this->createAccessDeniedException('GET OUT!');
    }
Or like this:
    $this->denyAccessUnlessGranted('ROLE_ADMIN');
This denies access to this method for all users that don’t have ‘ROLE_ADMIN’.
You can also use annotations:
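    // Import needed for the annotation (SensioFrameworkExtraBundle)
    use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;

    /**
     * @Security("is_granted('ROLE_ADMIN')")
     */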
Annotations also work if you add them to the class. In that case they block all users that don’t have ‘ROLE_ADMIN’ from every method in that class.