sajad torkamani

In a nutshell

You can pass an Expression object to the isGranted or denyAccessUnlessGranted methods like so:

// src/Controller/MyController.php
namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\ExpressionLanguage\Expression;
use Symfony\Component\HttpFoundation\Response;

class MyController extends AbstractController
{
    public function index(): Response
    {
        // Denies access unless the expression evaluates to true
        $this->denyAccessUnlessGranted(new Expression(
            '"ROLE_ADMIN" in role_names or (is_authenticated() and user.isSuperAdmin())'
        ));

        // ...
    }
}

Inside the expression, you have access to a number of variables:

user: The user object (or the string anon if you’re not authenticated).
role_names: An array of strings representing the user’s roles.
object: The object (if any) that’s passed as the second argument to isGranted().
subject: Alias for object.
token: The token object (what is this?)
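
To see how the expression above decides for different users, this added example (not from the original post) evaluates it directly with the ExpressionLanguage component, outside a Symfony app. DemoUser, decide() and the is_authenticated() stand-in are hypothetical; inside Symfony the real function and the variables are supplied for you.

```php
<?php
// Added example. Assumes: composer require symfony/expression-language
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\ExpressionLanguage\ExpressionLanguage;

// Hypothetical user class; only isSuperAdmin() matters to the expression.
final class DemoUser
{
    public function __construct(private bool $superAdmin) {}
    public function isSuperAdmin(): bool { return $this->superAdmin; }
}

function decide(mixed $user, array $roleNames): bool
{
    $language = new ExpressionLanguage();
    // Stand-in for Symfony's is_authenticated(): a user object means "logged in".
    $language->register(
        'is_authenticated',
        static fn (): string => 'is_object($user)',
        static fn (array $variables): bool => is_object($variables['user'])
    );
    return (bool) $language->evaluate(
        '"ROLE_ADMIN" in role_names or (is_authenticated() and user.isSuperAdmin())',
        ['user' => $user, 'role_names' => $roleNames]
    );
}

// Constructed cases: label, user variable, role_names variable, expected decision.
$cases = [
    ['admin role, ordinary user', new DemoUser(false), ['ROLE_USER', 'ROLE_ADMIN'], true],
    ['super admin without the role', new DemoUser(true), ['ROLE_USER'], true],
    ['ordinary user', new DemoUser(false), ['ROLE_USER'], false],
    // 'anon' is not an object, so "and" short-circuits and isSuperAdmin() is never called.
    ['not authenticated', 'anon', [], false],
    // Role names are compared as exact strings.
    ['wrong-case role name', new DemoUser(false), ['role_admin'], false],
];

foreach ($cases as [$label, $user, $roleNames, $expected]) {
    $granted = decide($user, $roleNames);
    printf("%-30s %s\n", $label, $granted ? 'granted' : 'denied');
    if ($granted !== $expected) {
        throw new RuntimeException("Unexpected decision for: $label");
    }
}
```

Keep the expression a fixed string literal as shown; assembling it from request data would let the requester rewrite the access rule.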


Tagged: Symfony