Skip to content

implement security in every controller methods

some routes do not check if user is locked while it is needed

use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
// ...

public function hello($name, AuthorizationCheckerInterface $authChecker)
{
    if (false === $authChecker->isGranted('ROLE_ADMIN')) {
        throw new AccessDeniedException('Unable to access this page!');
    }

    // ...
}

or

// inside a controller
$this->denyAccessUnlessGranted('ROLE_USER', null, 'message if needed');
Edited by Anne Garcia-Fernandez