Symfony isGranted("ROLE_ADMIN") not working properly


I have a security.yaml like this:


        api_documentary:
            pattern:    ^/api/v1/documentary
            fos_oauth:  true
            stateless:  false
            methods: [POST, PUT, DELETE]

        - { path: ^/api/v1/documentary, roles: IS_AUTHENTICATED_ANONYMOUSLY }

I want the firewall to be on (accessed by access token) on the following routes: ^/api/v1/documentary POST, PUT, DELETE

I want the firewall to be off on the routes: GET and GET ALL

If I exclude GET from methods: [] above, I can access them publicly. However, something weird happens:

The isGranted doesn't work. Even though the user has the following roles [ROLE_USER, ROLE_ADMIN], it doesn't seem to notice.

        if (!$this->isGranted('ROLE_ADMIN')) {
            return new JsonResponse("Not granted");
        }

If I add to api_documentary:

            methods: [GET, POST, PUT, DELETE]

isGranted works but the GET method will no longer be public.
