I want to restrict some routes from being accessed by all roles (SUPER_ADMIN, ADMIN included) except for (ROLE_CUSTOM),
where ROLE_CUSTOM is a custom role created for the specified route.
The only role that can access this route is (ROLE_CUSTOM).
I want to control this from security.access_control.yml or from the firewall configuration.
I know I can use the is_granted function, but I want to control it from security.access_control.yml or from the firewall configuration.
How can I achieve this?
Roles are simple, and are basically strings that you invent and use as needed, so ROLE_SUPER_ADMIN and ROLE_ADMIN are already custom roles created by you. Then everything depends on your role hierarchy (Reference):

    security:
        role_hierarchy:
            ROLE_CUSTOM: ROLE_USER
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

To allow you to protect URL patterns for users with ROLE_CUSTOM just do the following (Reference):

    security:
        access_control:
            - { path: ^/exclusive-path$, role: ROLE_CUSTOM }

Ready! Only users with ROLE_CUSTOM can access /exclusive-path paths.
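
The dependence on the role hierarchy described in the answer above, as an added example that is not part of the original answer and is not Symfony's own code: a simplified plain-PHP model of hierarchy expansion and first-match `access_control`, using the hierarchy and rule from the answer. The helper names `reachableRoles` and `isAllowed` and the sample users are assumptions made for illustration.

```php
<?php
// Simplified model of role-hierarchy expansion and access_control matching
// (the first rule whose path matches decides). Not Symfony's own code.

// Role hierarchy as given in the answer.
$hierarchy = [
    'ROLE_CUSTOM'      => ['ROLE_USER'],
    'ROLE_ADMIN'       => ['ROLE_USER'],
    'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'],
];

// access_control rule as given in the answer.
$accessControl = [['path' => '^/exclusive-path$', 'role' => 'ROLE_CUSTOM']];

/** Every role reachable from the roles assigned to a user (hypothetical helper). */
function reachableRoles(array $assigned, array $hierarchy): array
{
    $seen = [];
    $queue = $assigned;
    while ($queue) {
        $role = array_pop($queue);
        if (isset($seen[$role])) {
            continue; // already expanded; also guards against cycles
        }
        $seen[$role] = true;
        $queue = array_merge($queue, $hierarchy[$role] ?? []);
    }
    return array_keys($seen);
}

/** Access decision for a path under the modelled rules (hypothetical helper). */
function isAllowed(string $path, array $assigned, array $rules, array $hierarchy): bool
{
    $roles = reachableRoles($assigned, $hierarchy);
    foreach ($rules as $rule) {
        if (preg_match('#' . $rule['path'] . '#', $path)) {
            return in_array($rule['role'], $roles, true);
        }
    }
    return true; // no rule matched: access_control places no restriction
}

// Constructed sample users: each entry is the list of roles assigned directly.
$users = [['ROLE_CUSTOM'], ['ROLE_ADMIN'], ['ROLE_SUPER_ADMIN'], ['ROLE_SUPER_ADMIN', 'ROLE_CUSTOM']];
foreach ($users as $assigned) {
    $verdict = isAllowed('/exclusive-path', $assigned, $accessControl, $hierarchy) ? 'allowed' : 'denied';
    printf("%-30s %s\n", implode('+', $assigned), $verdict);
}
```

ROLE_ADMIN and ROLE_SUPER_ADMIN are denied only because nothing in the hierarchy leads from them to ROLE_CUSTOM; adding ROLE_CUSTOM under either one would grant access. Because the pattern ends in `$`, a path such as `/exclusive-path/edit` matches no rule in this model and is not restricted by this entry.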