Symfony: Access control expressions reference
17 July 2022 (Updated 17 July 2022)
In a nutshell
You can pass an Expression object to the isGranted() or denyAccessUnlessGranted() methods like so:
// src/Controller/MyController.php
namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\ExpressionLanguage\Expression;
use Symfony\Component\HttpFoundation\Response;

class SomeController extends AbstractController
{
    public function index(): Response
    {
        $this->denyAccessUnlessGranted(new Expression(
            '"ROLE_ADMIN" in role_names or (is_authenticated() and user.isSuperAdmin())'
        ));

        // ...
    }
}
Inside the expression, you have access to a number of variables:
| Variable | Description |
| --- | --- |
| user | The user object (or the string anon if you’re not authenticated). |
| role_names | An array of strings representing the user’s roles. |
| object | The object (if any) that’s passed as the second argument to isGranted(). |
| subject | Alias for object. |
| token | The token object (what is this?) |
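The following is an added example (not code from the original post) showing the subject/object variable in practice: an ownership check where the Post passed as the second argument to denyAccessUnlessGranted() is exposed to the expression as subject. The App\Entity\Post class with a getAuthor() method, and a User class implementing Symfony's UserInterface, are assumptions for this example.

```php
// src/Controller/PostController.php (added example; Post and User are assumed classes)
namespace App\Controller;

use App\Entity\Post; // assumed: getAuthor() returns ?User
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\ExpressionLanguage\Expression;
use Symfony\Component\HttpFoundation\Response;

class PostController extends AbstractController
{
    // Admins may edit any post; everyone else only their own.
    // `subject` is the Post passed as the second argument below, `user` is
    // the current user object and `role_names` the user's role strings.
    // is_authenticated() must come first: when nobody is logged in, `user`
    // is not a User object, so calling methods on it would error out
    // instead of simply evaluating to "denied".
    private const EDIT_RULE = '"ROLE_ADMIN" in role_names'
        .' or (is_authenticated()'
        .'     and subject.getAuthor() !== null'
        .'     and subject.getAuthor().getUserIdentifier() === user.getUserIdentifier())';

    public function edit(Post $post): Response
    {
        // Throws AccessDeniedException (HTTP 403) when the rule is false.
        $this->denyAccessUnlessGranted(new Expression(self::EDIT_RULE), $post);

        // ... apply the edit
        return new Response('editing post '.$post->getId());
    }

    public function show(Post $post): Response
    {
        // Same rule as a boolean, e.g. to decide whether to render an "Edit" link.
        $canEdit = $this->isGranted(new Expression(self::EDIT_RULE), $post);

        return $this->render('post/show.html.twig', [
            'post' => $post,
            'can_edit' => $canEdit,
        ]);
    }
}
```

Comparing user identifiers rather than object identity keeps the rule correct even when the author and the logged-in user are separate User instances.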
Tagged:
Symfony