sajad torkamani

In a nutshell

You can pass an Expression object to the isGranted or denyAccessUnlessGranted methods like so:

// src/Controller/MyController.php
namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\ExpressionLanguage\Expression;
use Symfony\Component\HttpFoundation\Response;

class SomeController extends AbstractController
{
    public function index(): Response
    {
        $this->denyAccessUnlessGranted(new Expression(
            '"ROLE_ADMIN" in role_names or (is_authenticated() and user.isSuperAdmin())'
        ));

        // ...
    }
}

Inside the expression, you have access to a number of variables:

VariableDescription
userThe user object (or the string anon if you’re not authenticated).
role_namesAn array of strings representing the user’s roles.
objectThe object (if any) that’s passed as the second argument to isGranted().
subjectAlias for object.
tokenThe token object (what is this?)

Sources

Tagged: Symfony

Leave a comment

Your email address will not be published. Required fields are marked *