How to set up access control for the user in Symfony?

S S :

I have a users table where the roles field contains ["ROLE_SUPERUSER"]

Now I have two URLs:

  • localhost:8000/api/en/login
  • localhost:8000/api/en/test

When the user successfully logs in, it generates a cookie. How can I set the access control for the second URL so that, if the cookie is not set, this URL is not allowed?

I have added the following lines to the security.yaml file:

access_control:
 - { path: ^/api/{locale}, roles: IS_AUTHENTICATED_ANONYMOUSLY }
 - { path: ^/api/{locale}, roles: ROLE_SUPERUSER}

But this didn't work.

Any help?

Cid :

The firewall will take the first route that matches and apply the restriction.

One doesn't want to apply firewall restrictions to the login path, so it can be excluded from the list.

I'm not 100% sure if {locale} in the firewall will work, unlike in the route description. However, you can use a RegEx to define a rule on ^/api/<anything>/test:

access_control:
 - { path: ^/api/.*?/test, roles: ROLE_SUPERUSER }
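
A small model of how the two rule sets in this thread are evaluated, added here as an example and not part of either post: each `path` is treated as a regular expression and only the first matching entry is checked. It uses Python's `re` as a stand-in for the PHP regex engine (both read `{locale}` as literal text, since it is not a valid quantifier); the function names and rule lists are constructed for illustration.

```python
import re

# Constructed rule lists; the path/roles values are copied from the thread.
ASKED = [
    ("^/api/{locale}", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("^/api/{locale}", "ROLE_SUPERUSER"),
]
ANSWERED = [
    ("^/api/.*?/test", "ROLE_SUPERUSER"),
]


def first_match(rules, path):
    """Return the index of the first rule whose regex matches, else None."""
    for i, (pattern, _role) in enumerate(rules):
        if re.search(pattern, path):
            return i
    return None


def decide(rules, path, user_roles):
    """Simplified model: only the first matching rule is evaluated."""
    i = first_match(rules, path)
    if i is None:
        # No entry matched, so access_control imposes no role requirement.
        return "allow (no rule matched)"
    required = rules[i][1]
    if required == "IS_AUTHENTICATED_ANONYMOUSLY" or required in user_roles:
        return f"allow (rule {i})"
    return f"deny (rule {i})"


if __name__ == "__main__":
    users = (("anonymous", set()), ("superuser", {"ROLE_SUPERUSER"}))
    for name, rules in (("asked", ASKED), ("answered", ANSWERED)):
        for path in ("/api/en/login", "/api/en/test"):
            for who, roles in users:
                print(f"{name:8} {path:14} {who:9} -> {decide(rules, path, roles)}")
```

With the rules from the question, `/api/en/test` matches no entry at all, and even a path containing the literal text `{locale}` would stop at the first (anonymous) entry, so the `ROLE_SUPERUSER` entry is never reached.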
