1000 search results

Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Security Voter
249 lines | src/Entity/DragonTreasure.php
// ... lines 1 - 27
#[ApiResource(
// ... lines 29 - 30
operations: [
// ... lines 32 - 40
new Patch(
security: 'is_granted("EDIT", object)',
// ... line 43
),
// ... lines 45 - 47
],
// ... lines 49 - 65
)]
// ... lines 67 - 87
class DragonTreasure
{
// ... lines 90 - 247
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Security Voter
249 lines | src/Entity/DragonTreasure.php
// ... lines 1 - 27
#[ApiResource(
// ... lines 29 - 30
operations: [
// ... lines 32 - 40
new Patch(
security: 'is_granted("EDIT", object)',
securityPostDenormalize: 'is_granted("EDIT", object)',
),
// ... lines 45 - 47
],
// ... lines 49 - 65
)]
// ... lines 67 - 87
class DragonTreasure
{
// ... lines 90 - 247
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Allow Admin Users to Edit any Treasure
249 lines | src/Entity/DragonTreasure.php
// ... lines 1 - 27
#[ApiResource(
// ... lines 29 - 30
operations: [
// ... lines 32 - 40
new Patch(
security: 'is_granted("ROLE_ADMIN") or (is_granted("ROLE_TREASURE_EDIT") and object.getOwner() == user)',
// ... line 43
),
// ... lines 45 - 47
],
// ... lines 49 - 65
)]
// ... lines 67 - 87
class DragonTreasure
{
// ... lines 90 - 247
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Allow Admin Users to Edit any Treasure
249 lines | src/Entity/DragonTreasure.php
// ... lines 1 - 27
#[ApiResource(
// ... lines 29 - 30
operations: [
// ... lines 32 - 40
new Patch(
security: 'is_granted("ROLE_ADMIN") or (is_granted("ROLE_TREASURE_EDIT") and object.getOwner() == user)',
securityPostDenormalize: 'is_granted("ROLE_ADMIN") or object.getOwner() == user',
),
// ... lines 45 - 47
],
// ... lines 49 - 65
)]
// ... lines 67 - 87
class DragonTreasure
{
// ... lines 90 - 247
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Only Allow Owners to Edit
251 lines | src/Entity/DragonTreasure.php
// ... lines 1 - 27
#[ApiResource(
// ... lines 29 - 30
operations: [
// ... lines 32 - 40
new Put(
security: 'is_granted("ROLE_TREASURE_EDIT")',
),
new Patch(
security: 'is_granted("ROLE_TREASURE_EDIT")',
),
// ... lines 47 - 49
],
// ... lines 51 - 67
)]
// ... lines 69 - 89
class DragonTreasure
{
// ... lines 92 - 249
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Only Allow Owners to Edit
248 lines | src/Entity/DragonTreasure.php
// ... lines 1 - 27
#[ApiResource(
// ... lines 29 - 30
operations: [
// ... lines 32 - 40
new Patch(
security: 'is_granted("ROLE_TREASURE_EDIT") and object.owner == user',
),
// ... lines 44 - 46
],
// ... lines 48 - 64
)]
// ... lines 66 - 86
class DragonTreasure
{
// ... lines 89 - 246
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Only Allow Owners to Edit
248 lines | src/Entity/DragonTreasure.php
// ... lines 1 - 27
#[ApiResource(
// ... lines 29 - 30
operations: [
// ... lines 32 - 40
new Patch(
security: 'is_granted("ROLE_TREASURE_EDIT") and object.getOwner() == user',
),
// ... lines 44 - 46
],
// ... lines 48 - 64
)]
// ... lines 66 - 86
class DragonTreasure
{
// ... lines 89 - 246
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Only Allow Owners to Edit
249 lines | src/Entity/DragonTreasure.php
// ... lines 1 - 27
#[ApiResource(
// ... lines 29 - 30
operations: [
// ... lines 32 - 40
new Patch(
security: 'is_granted("ROLE_TREASURE_EDIT") and object.getOwner() == user',
securityPostDenormalize: 'object.getOwner() == user',
),
// ... lines 45 - 47
],
// ... lines 49 - 65
)]
// ... lines 67 - 87
class DragonTreasure
{
// ... lines 90 - 247
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Testing Token Authentication
245 lines | src/Entity/DragonTreasure.php
// ... lines 1 - 27
#[ApiResource(
// ... lines 29 - 30
operations: [
// ... lines 32 - 37
new Post(
security: 'is_granted("ROLE_TREASURE_CREATE")',
),
// ... lines 41 - 49
],
// ... lines 51 - 64
)]
// ... lines 66 - 83
class DragonTreasure
{
// ... lines 86 - 243
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Deny Access with The "security" Option
237 lines | src/Entity/DragonTreasure.php
// ... lines 1 - 26
#[ApiResource(
// ... lines 28 - 29
operations: [
// ... lines 31 - 36
new Post(
security: 'is_granted("ROLE_TREASURE_CREATE")',
),
// ... lines 40 - 41
],
// ... lines 43 - 56
)]
// ... lines 58 - 75
class DragonTreasure
{
// ... lines 78 - 235
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Deny Access with The "security" Option
245 lines | src/Entity/DragonTreasure.php
// ... lines 1 - 27
#[ApiResource(
// ... lines 29 - 30
operations: [
// ... lines 32 - 40
new Put(
security: 'is_granted("ROLE_TREASURE_EDIT")',
),
// ... lines 44 - 49
],
// ... lines 51 - 64
)]
// ... lines 66 - 83
class DragonTreasure
{
// ... lines 86 - 243
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Deny Access with The "security" Option
245 lines | src/Entity/DragonTreasure.php
// ... lines 1 - 27
#[ApiResource(
// ... lines 29 - 30
operations: [
// ... lines 32 - 43
new Patch(
security: 'is_granted("ROLE_TREASURE_EDIT")',
),
// ... lines 47 - 49
],
// ... lines 51 - 64
)]
// ... lines 66 - 83
class DragonTreasure
{
// ... lines 86 - 243
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

Deny Access with The "security" Option
245 lines | src/Entity/DragonTreasure.php
// ... lines 1 - 27
#[ApiResource(
// ... lines 29 - 30
operations: [
// ... lines 32 - 46
new Delete(
security: 'is_granted("ROLE_ADMIN")',
),
],
// ... lines 51 - 64
)]
// ... lines 66 - 83
class DragonTreasure
{
// ... lines 86 - 243
}
See Code Block in Script
Code

Learn APIs

 >

API Platform 3 Part 2: Security for your Treasures

 >

API Login Form with json_login
20 lines | src/Controller/SecurityController.php
// ... lines 1 - 7
use Symfony\Component\Security\Http\Attribute\CurrentUser;
class SecurityController extends AbstractController
{
#[Route('/login', name: 'app_login', methods: ['POST'])]
public function login(#[CurrentUser] $user = null): Response
{
// ... lines 15 - 17
}
}
See Code Block in Script
Comment

Learn Symfony 5

 >

Charming Development in Symfony 5

 >

Flex, Recipes & Aliases
How do I download security checker when flex.symfony.com does not exist anymore and the security checker GitHub is read-only?
Titanism
Titanism
Read Full Comment
Code

Learn Symfony 5

 >

Symfony 5 Security: Authenticators

 >

Custom Redirect when "Email Not Verified"
41 lines | src/EventSubscriber/CheckVerifiedUserSubscriber.php
// ... lines 1 - 8
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
// ... lines 10 - 12
class CheckVerifiedUserSubscriber implements EventSubscriberInterface
{
public function onCheckPassport(CheckPassportEvent $event)
// ... lines 16 - 26
if (!$user->getIsVerified()) {
throw new CustomUserMessageAuthenticationException(
'Please verify your account before logging in.'
);
}
}
// ... lines 33 - 39
}
See Code Block in Script
Code

Learn Symfony 5

 >

Symfony 5 Security: Authenticators

 >

Custom Redirect when "Email Not Verified"
40 lines | src/EventSubscriber/CheckVerifiedUserSubscriber.php
// ... lines 1 - 5
use App\Security\AccountNotVerifiedAuthenticationException;
// ... lines 7 - 13
class CheckVerifiedUserSubscriber implements EventSubscriberInterface
{
public function onCheckPassport(CheckPassportEvent $event)
{
// ... lines 18 - 27
if (!$user->getIsVerified()) {
throw new AccountNotVerifiedAuthenticationException();
}
}
// ... lines 32 - 38
}
See Code Block in Script
Code

Learn Symfony 5

 >

Symfony 5 Security: Authenticators

 >

Custom Redirect when "Email Not Verified"
47 lines | src/EventSubscriber/CheckVerifiedUserSubscriber.php
// ... lines 1 - 12
use Symfony\Component\Security\Http\Event\LoginFailureEvent;
class CheckVerifiedUserSubscriber implements EventSubscriberInterface
{
// ... lines 17 - 38
public static function getSubscribedEvents()
{
return [
// ... line 42
LoginFailureEvent::class => 'onLoginFailure',
];
}
}
See Code Block in Script
Code

Learn Symfony 5

 >

Symfony 5 Security: Authenticators

 >

Custom Redirect when "Email Not Verified"
47 lines | src/EventSubscriber/CheckVerifiedUserSubscriber.php
// ... lines 1 - 12
use Symfony\Component\Security\Http\Event\LoginFailureEvent;
class CheckVerifiedUserSubscriber implements EventSubscriberInterface
{
// ... lines 17 - 33
public function onLoginFailure(LoginFailureEvent $event)
{
dd($event);
}
// ... lines 38 - 45
}
See Code Block in Script
Code

Learn Symfony 5

 >

Symfony 5 Security: Authenticators

 >

Activating 2FA
50 lines | src/Controller/SecurityController.php
// ... lines 1 - 4
use Doctrine\ORM\EntityManagerInterface;
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Totp\TotpAuthenticatorInterface;
// ... lines 7 - 12
class SecurityController extends BaseController
{
// ... lines 15 - 37
public function enable2fa(TotpAuthenticatorInterface $totpAuthenticator, EntityManagerInterface $entityManager)
{
// ... lines 40 - 47
}
}
See Code Block in Script
46 47 48 49 50