Challenge 1 / 1

In one CRUD section, I need to allow access only if the user has ROLE_SIMBA_ADMIN. But for one specific action (the DELETE action), I need to require ROLE_MUFASA_ADMIN. What's the best way to do this?

Note: ROLE_MUFASA_ADMIN also grants access to ROLE_SIMBA_ADMIN in role_hierarchy.

Protect the entire crud controller with #[IsGranted('ROLE_SIMBA_ADMIN)].
In configureActions(), call setPermission(Actions::DELETE, 'ROLE_MUFASA_ADMIN').

Put #[IsGranted('ROLE_SIMBA_ADMIN)] above all the actions (e.g. index(), edit(), etc).
Put #[IsGranted('ROLE_MUFASA_ADMIN)] above the delete() action.

Because not every action requires the same role, in configureActions(), set the permission for each action to the correct role (either ROLE_SIMBA_ADMIN or ROLE_MUFASA_ADMIN).

Rewatch the video