It is possible to only allow certain user roles to log in without checking the roles of the specific user in your own code.
Simply add the allowed roles to the access_control config in the config/packages/security.yaml file for you login route:
security:
# ...
access_control:
- { path: ^/login, roles: [ROLE_SUPER_ADMIN, ROLE_ADMIN] }
This way you everybody can try to login, but only users with the role ROLE_SUPER_ADMIN
or ROLE_ADMIN
can successfully log in.