I'm trying to use @Security annotations for my routes. Like this:
/**
* @return Response
* @Route("/action")
* @Security("has_role('ROLE_USER')")
* @Template()
*/
public function someAction()
{
return array();
}
When the security restriction fires an exception, I get the message Expression "has_role('ROLE_USER')" denied access.
This is not acceptable to be shown to the end user, so I'm trying to find a way to customize the message for annotation.
Simple workaround is to not to use @Secutity annotations and write code like these:
/**
* @return Response
* @Route("/action")
*
* @Template()
*/
public function someAction()
{
if (!$this->get('security.context')->isGranted('ROLE_USER')) {
throw new AccessDeniedException('You have to be logged in in order to use this feature');
}
return array();
}
But this is less convenient and less readable.
Is it possible to write custom message to @Security annotations?
As soon as I realized that this is not possible, I have made a pull request to the Sensio FrameworkExtra Bundle to make this possible.
This PR allows to customize displayed message by specifying the message parameter like
@Security("has_role('ROLE_USER')",message="You have to be logged in")