Restricting Symfony Routes Based On A User's Role


By the end of this video you will have seen how we can use Symfony's Security Roles to restrict access to specific routes inside our API.

The concepts here also apply to any Symfony project, not just to FOS REST Bundle routes.

You will see how a user's Role can allow or deny access to a given URL (technically, a URI).

You'll see how invaluable the tests become as we start being able to quickly prove what is and isn't working when we apply Security Roles to our project.

Sometimes I find that the Symfony manual explains a point in a way I either don't understand, or find myself re-reading over and over until it finally clicks. Often, if it doesn't sink in after the first read, I will try to find a different source that better explains the given topic.

Roles and Groups was one of these topics.

With that in mind, I highly recommend reading this StackOverflow post, which is like a TL;DR version of what the difference between Roles and Groups is. And it's written in a way that I, personally, found much easier to understand than the official version.

Episodes

# Title Duration
1 Security That Covers Your Entire API 04:28
2 Securing by Verb (GET, POST, PUT, etc) 02:42
3 Restricting Symfony Routes Based On A User's Role 05:26