TugBenson

Reputation: 63

How to block a URL when the user has not verified their account? (Symfony 6)

For my project (Symfony 6) I want to restrict some URLs as long as the user has not validated their account by clicking on the link received by email. Since I made the registration (with Symfony's website), I don't understand the point of this (account isVerified).

How to do this?

I've tried many things, like modifying security.yaml.

Upvotes: 0

Views: 671

Answers (1)

Arleigh Hix

Reputation: 10887

You can give the user an additional role when they verify, then deny access if they don't have it in your controller like so:

// src/Controller/AdminController.php
// ...

public function adminDashboard(): Response
{
    $this->denyAccessUnlessGranted('ROLE_VERIFIED');

    // or add an optional message - seen by developers
    $this->denyAccessUnlessGranted('ROLE_VERIFIED', null, 'User tried to access a page without having ROLE_VERIFIED');
}

https://symfony.com/doc/current/security.html#securing-controllers-and-other-code

You can also deny an entire pattern in security.yaml:

# config/packages/security.yaml
security:
    # ...

    access_control:
        # matches /users/verified/*
        - { path: '^/users/verified', roles: ROLE_VERIFIED }

        # matches /users/* except for anything matching the above rule
        - { path: '^/users', roles: ROLE_USER }

https://symfony.com/doc/current/security.html#securing-url-patterns-access-control

Upvotes: 3
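
One way to implement the "additional role" from the answer above, as an added example that is not part of the original post: the User entity derives ROLE_VERIFIED from its isVerified flag in getRoles(), so the role can never drift from the verification state. The entity layout and the field names (email, roles, isVerified) are assumptions.

```php
<?php
// src/Entity/User.php (added example; entity layout and field names are assumptions)

namespace App\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\UserInterface;

#[ORM\Entity]
class User implements UserInterface, PasswordAuthenticatedUserInterface
{
    #[ORM\Id, ORM\GeneratedValue, ORM\Column(type: 'integer')]
    private ?int $id = null;

    #[ORM\Column(type: 'string', length: 180, unique: true)]
    private string $email = '';

    #[ORM\Column(type: 'string')]
    private string $password = '';

    /** @var string[] roles explicitly granted and stored in the database */
    #[ORM\Column(type: 'json')]
    private array $roles = [];

    // Set to true once the user has clicked the link in the confirmation e-mail.
    #[ORM\Column(type: 'boolean')]
    private bool $isVerified = false;

    public function getRoles(): array
    {
        $roles = $this->roles;
        $roles[] = 'ROLE_USER';          // every account gets the base role
        if ($this->isVerified) {
            $roles[] = 'ROLE_VERIFIED';  // derived from the flag, never stored
        }
        return array_values(array_unique($roles));
    }

    public function isVerified(): bool { return $this->isVerified; }
    public function setIsVerified(bool $isVerified): void { $this->isVerified = $isVerified; }
    public function getUserIdentifier(): string { return $this->email; }
    public function getPassword(): string { return $this->password; }
    public function eraseCredentials(): void {}
}
```

With this in place, both the denyAccessUnlessGranted('ROLE_VERIFIED') check and the access_control rule from the answer reject accounts whose isVerified flag is still false.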
