I wanted to know if doing only an is_granted(ROLE_ADMIN) in Twig is enough to secure a form.
I mean the form is available to anyone:
- some widgets with choice selection are available to anyone to change.
- other widgets (widgets about administration in the same form) are only displayed if ROLE_ADMIN is granted.
Is it enough to make it safe for the administration stuff in this form to only be changed by ROLE_ADMIN? Or should I secure the controller as well?
(Securing the controller would make me write much more, because right now I just have to do a flush(). Then I would have to do many more tests on all the POST data I get through the form request.)
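An added example, not part of the original post, showing the server-side check a practitioner would want here. An `is_granted()` in Twig only decides which widgets are rendered; `handleRequest()` still binds whatever fields the form type contains, so the safe place to gate the admin-only widgets is the form type itself (or the controller), not the template. The entity `App\Entity\Article` and the fields `title`, `category` and `published` are hypothetical names chosen for the example; the Symfony APIs (`AbstractType`, `FormBuilderInterface`, `AuthorizationCheckerInterface`) are real, and a Symfony 6 / PHP 8 setup with autowired form types is assumed.

```php
<?php
// Added example (not from the original post): only *add* the admin-only fields to the
// form when the current user is granted ROLE_ADMIN. Hypothetical entity and field names.

namespace App\Form;

use App\Entity\Article; // hypothetical entity with title, category and published properties
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\CheckboxType;
use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

final class ArticleType extends AbstractType
{
    // Injected by the container: form types registered as services are autowired.
    public function __construct(private AuthorizationCheckerInterface $authChecker)
    {
    }

    public function buildForm(FormBuilderInterface $builder, array $options): void
    {
        // Fields every authenticated user may change.
        $builder
            ->add('title', TextType::class)
            ->add('category', ChoiceType::class, [
                'choices' => ['News' => 'news', 'Blog' => 'blog'],
            ]);

        // The admin-only field exists on the form only for ROLE_ADMIN. The Form component
        // maps submitted data only onto fields that exist, and (with the default
        // allow_extra_fields = false) a POST containing an unknown field makes isValid()
        // return false with a "should not contain extra fields" error, so nothing is
        // written for a non-admin even if the field name is submitted by hand.
        if ($this->authChecker->isGranted('ROLE_ADMIN')) {
            $builder->add('published', CheckboxType::class, ['required' => false]);
        }
    }

    public function configureOptions(OptionsResolver $resolver): void
    {
        $resolver->setDefaults(['data_class' => Article::class]);
    }
}
```

With the gating done in the form type, the controller keeps the short `createForm()` / `handleRequest()` / `isValid()` / `flush()` flow from the question, because the only fields that can reach the entity are the ones the current user was allowed to get. In the template, render the optional widget with `{% if form.published is defined %}{{ form_row(form.published) }}{% endif %}` rather than `is_granted()`, so the view simply follows what the form type decided. Note that the type must be obtained through `createForm(ArticleType::class, ...)` (the form registry), not instantiated with `new`, so that the constructor dependency is injected.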