Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials.
$ composer require symfony/security-core
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
use Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Role\RoleHierarchy;
$accessDecisionManager = new AccessDecisionManager([
new AuthenticatedVoter(new AuthenticationTrustResolver()),
new RoleVoter(),
new RoleHierarchyVoter(new RoleHierarchy([
'ROLE_ADMIN' => ['ROLE_USER'],
]))
]);
$user = new \App\Entity\User(...);
$token = new UsernamePasswordToken($user, 'main', $user->getRoles());
if (!$accessDecisionManager->decide($token, ['ROLE_ADMIN'])) {
throw new AccessDeniedException();
}