I'm new to Symfony2 and I don't understand the way security.yml works.
I have 2 roles in my application: ROLE_USER, ROLE_ADMIN.
ROLE_USER: can only view (cannot CRUD)
ROLE_ADMIN: can do everything (can CRUD)
I have 2 basic questions:
1. Is there only 1 security.yml in app/config? Can I create a security.yml for my bundle ThePartner\EZFBundle\Resource\config where I can specify which route a role can access?
2. I want to prevent ROLE_USER from accessing the routes blue_form_new, blue_form_create, blue_form_edit, blue_form_update, blue_form_delete. This ROLE_USER could only access blue_form, blue_form_show.
Here is my ThePartner\EZFBundle\Resources\routing.yml:

    ThePartnerEZFBundle_blue_form:
        resource: "@ThePartnerEZFBundle/Resources/config/routing/blueform.yml"
        prefix: /blue_form

Here is the ThePartnerEZFBundle/Resources/config/routing/blueform.yml:

    blue_form:
        pattern: /
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:index" }

    blue_form_show:
        pattern: /{id}/show
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:show" }

    blue_form_new:
        pattern: /new
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:new" }

    blue_form_create:
        pattern: /create
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:create" }
        requirements: { _method: post }

    blue_form_edit:
        pattern: /{id}/edit
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:edit" }

    blue_form_update:
        pattern: /{id}/update
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:update" }
        requirements: { _method: post|put }

    blue_form_delete:
        pattern: /{id}/delete
        defaults: { _controller: "ThePartnerEZFBundle:BlueForm:delete" }
        requirements: { _method: post|delete }

Thanks guys
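
One way to express the policy described in the question with `access_control` rules, as an added example that is not part of the original post. The path regexes assume the `/blue_form` prefix and the route patterns shown above, and the firewall and user provider sections are assumed to be defined elsewhere in the same file.

```yaml
# app/config/security.yml (fragment; added example, firewalls/providers omitted)
security:
    role_hierarchy:
        # ROLE_ADMIN inherits everything ROLE_USER is allowed to do
        ROLE_ADMIN: ROLE_USER

    access_control:
        # Rules are checked top to bottom and the first matching path wins,
        # so the write routes must be listed before the broader rule.

        # blue_form_new, blue_form_create
        - path: '^/blue_form/(new|create)$'
          roles: ROLE_ADMIN

        # blue_form_edit, blue_form_update, blue_form_delete
        - path: '^/blue_form/[^/]+/(edit|update|delete)$'
          roles: ROLE_ADMIN

        # blue_form, blue_form_show (any other URL under the prefix)
        - path: '^/blue_form'
          roles: ROLE_USER
```

Because these rules match URLs rather than route names, a later change to the prefix or to a route pattern silently moves that route out from under its rule; re-check the regexes whenever the routing files change.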