It is possible to only allow certain user roles to log in without checking the roles of the specific user in your own code.

Simply add the allowed roles to the access_control config in the config/packages/security.yaml file for you login route:

    # ...
        - { path: ^/login, roles: [ROLE_SUPER_ADMIN, ROLE_ADMIN] }

This way you everybody can try to login, but only users with the role ROLE_SUPER_ADMIN or ROLE_ADMIN can successfully log in.

Categories: Symfony