How to deny access to all controllers except some? I have roles: ROLE_SUPER_ADMIN, ROLE_ADMIN, ROLE_MANAGER.
If I use annotations, then everything is fine. The index method is available to the manager, the ROLE_MANAGER in the method overrides the ROLE_ADMIN
/**
* @Security("has_role('ROLE_ADMIN')")
*/
class TestController extends Controller
{
/**
* @Security("has_role('ROLE_MANAGER')")
*/
public function index(): Response
{
return new Response('Test');
}
}
If I deny access to everyone except admins, then the override in the controller does not work. My access_control in security.yml:
access_control:
- { path: ^/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_ADMIN }
I can write all the routes in the access_control, but the list is too big and it's inconvenient. And it is more convenient to use annotations in the controller.
I want to do this so that when a new controller is created, it is only available to ROLE_ADMIN by default.