denyAccessUnlessGranted in controller multiple roles

9
votes

I found this controller method that helps filtering access with a role name :

$this->denyAccessUnlessGranted('ROLE_EDIT', $item, 'You cannot edit this item.');

Is it possible to use the same method with multiple roles. I tried something like this but it doesnt seems to work :

$this->denyAccessUnlessGranted(array('ROLE_EDIT', 'ROLE_WHATEVER'), $item, 'You cannot edit this item.');
2
phpsymfonyroles
what you want to express ? are both roles neccessary or one of both ? - john Smith
i need both roles to be able access the action - Python

2 Answers

9
votes

looking into the method shows how it works 

protected function denyAccessUnlessGranted($attributes, $object = null, $message = 'Access Denied.')
{
    if (!$this->isGranted($attributes, $object)) {
        throw $this->createAccessDeniedException($message);
    }
}

so you could easily adapt this to your case

in your controller sth. like: 

if(!$this->isGranted('ROLE_EDIT', $item) && !$this->isGranted('ROLE_OTHER', $item)){
    throw $this->createAccessDeniedException('not allowed');
}
6
votes

denyAccessUnlessGranted accepts an array of Role Names, so

$this->denyAccessUnlessGranted(['ROLE_EDIT', 'ROLE_ADMIN'], $item, 'You cannot edit this item.');

so, you should be able to pass all your roles.

Craig