You are browsing the Symfony 4 documentation, which changes significantly from Symfony 3.x. If your app doesn't use Symfony 4 yet, browse the Symfony 3.4 documentation.
How to Secure any Service or Method in your Application
How to Secure any Service or Method in your ApplicationΒΆ
In the security article, you can see how to
secure a controller by requesting
the Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface
service from the Service Container and checking the current user's role:
1 2 3 4 5 6 7 8 9 10 11 12 | // ...
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
public function hello(AuthorizationCheckerInterface $authChecker)
{
if (!$authChecker->isGranted('ROLE_ADMIN')) {
throw new AccessDeniedException();
}
// ...
}
|
You can also secure any service by injecting the authorization checker
service into it. For a general introduction to injecting dependencies into
services see the Service Container article. For example, suppose you
have a NewsletterManager
class that sends out emails and you want to
restrict its use to only users who have some ROLE_NEWSLETTER_ADMIN
role.
Before you add security, the class looks something like this:
1 2 3 4 5 6 7 8 9 10 11 12 | // src/Newsletter/NewsletterManager.php
namespace App\Newsletter;
class NewsletterManager
{
public function sendNewsletter()
{
// ... where you actually do the work
}
// ...
}
|
Your goal is to check the user's role when the sendNewsletter()
method is
called. The first step towards this is to inject the
Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface
service into the object:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | // src/Newsletter/NewsletterManager.php
// ...
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
class NewsletterManager
{
protected $authChecker;
public function __construct(AuthorizationCheckerInterface $authChecker)
{
$this->authChecker = $authChecker;
}
public function sendNewsletter()
{
if (!$this->authChecker->isGranted('ROLE_NEWSLETTER_ADMIN')) {
throw new AccessDeniedException();
}
// ...
}
// ...
}
|
If you're using the default services.yaml configuration,
Symfony will automatically pass the authorization checker to your service
thanks to autowiring and the AuthorizationCheckerInterface
type-hint.
If the current user does not have the ROLE_NEWSLETTER_ADMIN
, they will
be prompted to log in.
This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.