Is it possible to assign required roles for route, where all of the roles are mandatory for granted access? Currently I have something like this:
security:
access_control:
- { path: ^/admin, roles: [ROLE_EMAIL_VERIFIED, ROLE_ADMIN] }
- { path: ^/user, roles: [ROLE_EMAIL_VERIFIED, ROLE_USER] }
But even user, that has ROLE_EMAIL_VERIFIED have access to admin, because it's "ROLE_EMAIL_VERIFIED or ROLE_ADMIN" not 'and'.
I found out about allow_if with usage of has_role(), but this was in Symfony 2 and in Symfony 5.4 this is not working (the function does not exist).