Can a URL with a UUID placeholder be secured using Symfony's ACL? - PhpOut

BogdanDubyk
May 11, 2023
259 views
0 votes
2 Answers

how can I tell that I want url for example like /users/{id}/confirm to be publically available????
I tried with

- { path: ^/users/{id}/confirm, roles: PUBLIC_ACCESS }

and syntax is incorrect, also I tried to cover url with quotes and getting 404 response.

Third try:

- { path: ^/users/[0-9a-f]{8}-[0-9a-f]{4}-1[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}/confirm, roles: PUBLIC_ACCESS }

yaml incorrect

Tags: php symfony

Answers

- VDevS
- May 9, 2023 at 11:25 am
- 0 votes
0
```
#config/packages/security.yaml
    security:
        access_control:
            - { path: ^/admin, roles: ROLE_ADMIN }
            - { path: ^/users, roles: ROLE_USER}
            - { path: ^/register, roles: PUBLIC_ACCESS }
```
And in your controller, you can use annotations or attributes restrictions :
```
#[IsGranted('ROLE_USER', statusCode: 403, message: 'Please to login..')]
#[Route('/users/{id}', name: 'name_of_..')]
```
More infos : https://symfony.com/doc/current/security/access_control.html#2-access-enforcement

Maybe to try with differents roles in your restriction attributes/annotations
Login or Signup to reply.

- FatalError
- May 10, 2023 at 8:43 am
- 0 votes
0
instead of using id placeholder you need to use numeric placeholder
```
// config/packages/security.yaml
security:
    access_control:
        - { path: ^/users/d+$/confirm, roles: PUBLIC_ACCESS }
```
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.