I have an action like:
/**
 * @Security("is_granted('ROLE_USER_EDITOR')")
 * @Route("/{email}")
 * @Method("GET")
 */
public function getAction(User $user)
The problem is that the ParamConverter takes precedence over the @Security annotation. 
If I am not authorized and supply an existing email, I get redirected to the login page. This is expected and correct.
But when I am not authorized and supply a non-existing email, I get a 404 saying that the User cannot be found.
I would think that authorization checking is more important than parameter converting.
How do I let the Security annotation take precedence over the Param Converter?
You could avoid getting a 404 by adding a null default value to the $user parameter.
/**
 * @Security("is_granted('ROLE_USER_EDITOR')")
 * @Route("/{email}")
 * @Method("GET")
 */
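public function getAction(User $user = null) {
    // With the null default the converter no longer raises the 404 itself,
    // so the @Security check runs before this point is reached.
    if ($user === null) {
        // createNotFoundException() only builds the exception; it has to be thrown.
        throw $this->createNotFoundException();
    }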
    ...
}
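The concern behind the question is that an anonymous visitor can tell existing emails from non-existing ones by comparing the responses. A functional test that checks for this, as an added example that is not part of the original posts; the `/users` route prefix, the fixture email and the class name are assumptions:

```php
<?php

namespace Tests\AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;

// Hypothetical test class; adjust the namespace to the project layout.
class UserEnumerationTest extends WebTestCase
{
    /**
     * Status code and redirect target seen by a client that never logged in.
     * The "/users" prefix is an assumption; the page only shows "/{email}".
     */
    private function anonymousResponse($email)
    {
        $client = static::createClient(); // fresh client, no session
        $client->request('GET', '/users/' . rawurlencode($email));
        $response = $client->getResponse();

        return [$response->getStatusCode(), $response->headers->get('Location')];
    }

    public function testAnonymousCannotTellExistingFromMissingEmail()
    {
        // Constructed sample values: the first email must exist in the
        // test fixtures, the second must not.
        $existing = $this->anonymousResponse('existing@example.com');
        $missing  = $this->anonymousResponse('missing@example.com');

        // A 404 for the unknown email means the ParamConverter answered
        // before the @Security check did.
        $this->assertNotSame(404, $missing[0]);

        // Same status and same redirect target in both cases, so the
        // response does not reveal whether the email is registered.
        $this->assertSame($existing, $missing);
    }
}
```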