semsem semsem - 1 month ago 19
PHP Question

symfony2 access control restrict ROLE_SUPER_ADMIN

I want to restrict some routes from being accessed by all roles (SUPER_ADMIN, ADMIN included) except for (ROLE_CUSTOM)

Where ROLE_CUSTOM is a custom role created for specified route.

The only role that can access this route is (ROLE_CUSTOM).

I want to control this from security.access_control.yml or from firewall configuration.

I know I can use the is_granted function, but I want to control it from security.access_control.yml or from firewall configuration.

How can I achieve this?

Answer

Roles are simple, and are basically strings that you invent and use as needed, so ROLE_SUPER_ADMIN and ROLE_ADMIN are already custom roles created by you. Then everything depends on your role hierarchy (Reference):

security:   
    role_hierarchy:
        ROLE_CUSTOM:      ROLE_USER
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

To allow you to protect URL patterns for users with ROLE_CUSTOM just do the following (Reference):

security:
    access_control:
        - { path: ^/exclusive-path$, role: ROLE_CUSTOM }

Ready! Only users with ROLE_CUSTOM can access /exclusive-path paths.
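The following is an added example, not part of the original answer and not Symfony's own code: a simplified plain-PHP model of how the role_hierarchy above expands each user's roles and how the single access_control rule is then evaluated. The function names `reachableRoles` and `isAllowed`, the sample users, and the PCRE delimiters around the path pattern are assumptions made for the illustration. It also checks `/exclusive-path/`, which the `$` anchor leaves outside the rule.

```php
<?php
// Simplified model of role_hierarchy expansion and first-match
// access_control evaluation. Illustrative only; not Symfony's source.

// Hierarchy from the answer above.
$hierarchy = [
    'ROLE_CUSTOM'      => ['ROLE_USER'],
    'ROLE_ADMIN'       => ['ROLE_USER'],
    'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'],
];
// access_control rule from the answer above (PCRE delimiters added).
$accessControl = [
    ['path' => '#^/exclusive-path$#', 'role' => 'ROLE_CUSTOM'],
];

/** Expand assigned roles to every role reachable through the hierarchy. */
function reachableRoles(array $assigned, array $hierarchy): array
{
    $seen = [];
    $stack = $assigned;
    while ($stack) {
        $role = array_pop($stack);
        if (isset($seen[$role])) {
            continue; // already expanded; also guards against cycles
        }
        $seen[$role] = true;
        $stack = array_merge($stack, $hierarchy[$role] ?? []);
    }
    return array_keys($seen);
}

/** Only the first rule whose path matches applies; no match means no restriction here. */
function isAllowed(string $path, array $assigned, array $rules, array $hierarchy): bool
{
    foreach ($rules as $rule) {
        if (preg_match($rule['path'], $path) === 1) {
            return in_array($rule['role'], reachableRoles($assigned, $hierarchy), true);
        }
    }
    return true;
}

// Constructed sample users, one per role in the hierarchy.
$users = ['custom' => ['ROLE_CUSTOM'], 'admin' => ['ROLE_ADMIN'], 'super' => ['ROLE_SUPER_ADMIN']];
foreach ($users as $name => $roles) {
    printf("%-6s /exclusive-path  %s\n", $name, isAllowed('/exclusive-path', $roles, $accessControl, $hierarchy) ? 'allow' : 'deny');
    printf("%-6s /exclusive-path/ %s\n", $name, isAllowed('/exclusive-path/', $roles, $accessControl, $hierarchy) ? 'allow' : 'deny');
}
```

The exclusion holds only while no other role lists ROLE_CUSTOM in the hierarchy; adding it under ROLE_SUPER_ADMIN in `$hierarchy` flips that user's result for the exact path.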
