I have a users table where roles field contains ["ROLE_SUPERUSER"]
Now I have two Urls:
- localhost:8000/api/en/login
- localhost:8000/api/en/test
When the user successfully logins, it generate a cookie. How can set the access control to the second URL where if the cookie is not set then this URL is not allowed.
I have added following lines to the security.yaml file
access_control:
- { path: ^/api/{locale}, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/api/{locale}, roles: ROLE_SUPERUSER}
But this didn't work.
Any help?