In my security.yaml file I have:
access_control:
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
But I have defined one more route: api/doc
and api/doc.json
which I want to exclude from this specific group like:
- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
and I want to exclude just for this specific path but not from all api/
extensions.
Do I need to put this endpoint above first one or is there another way?
My Answer:
You can achieve this by adding a specific route for the /api/doc path before the general /api path in your access_control configuration. This way, Symfony will match the /api/doc route first and apply the IS_AUTHENTICATED_ANONYMOUSLY role to it, and then move on to the general /api route.
Here's how you can update your security.yaml file:
yaml
access_control:
- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
By defining the /api/doc route first, Symfony will match it before the general /api route and apply the IS_AUTHENTICATED_ANONYMOUSLY role to it. This way, the /api/doc route will be excluded from the IS_AUTHENTICATED_FULLY role defined for the general /api route.
Rate this post
4 of 5 based on 4670 votesComments