PHPackages                             jmf/route-access-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. jmf/route-access-bundle

ActiveSymfony-bundle[Authentication &amp; Authorization](/categories/authentication)

jmf/route-access-bundle
=======================

Route access Symfony bundle

1.0.0(2w ago)012↑150%mitPHPPHP &gt;=8.3CI passing

Since May 24Pushed 2w agoCompare

[ Source](https://github.com/jmfeurprier/route-access-bundle)[ Packagist](https://packagist.org/packages/jmf/route-access-bundle)[ RSS](/packages/jmf-route-access-bundle/feed)WikiDiscussions 1.0 Synced 1w ago

READMEChangelogDependencies (13)Versions (2)Used By (0)

jmf/route-access-bundle
=======================

[](#jmfroute-access-bundle)

A Symfony bundle that restricts route access based on user roles, configured via YAML. Define which roles may access which routes — including wildcard patterns — without touching individual controllers.

Requirements
------------

[](#requirements)

- PHP 8.3+
- Symfony 7.0 or 8.0

Installation
------------

[](#installation)

```
composer require jmf/route-access-bundle
```

Register the bundle in `config/bundles.php` if not using Symfony Flex:

```
return [
    // ...
    Jmf\RouteAccess\JmfRouteAccessBundle::class => ['all' => true],
];
```

Quick Start
-----------

[](#quick-start)

Create `config/packages/jmf_route_access.yaml`:

```
jmf_route_access:

    policy:
        public_routes:
            - 'app_login'
            - 'app_logout'

        roles:
            ROLE_USER:
                - 'app_home'
                - 'post.index'
                - 'post.read'

            ROLE_ADMIN:
                - '*'
```

That's it — the bundle automatically enforces access on every request. Unauthenticated or unauthorized users receive an `AccessDeniedException`.

Configuration Reference
-----------------------

[](#configuration-reference)

```
jmf_route_access:

    policy:

        # Routes that are always accessible, regardless of authentication or roles.
        # Supports wildcard patterns: "*" matches any sequence of characters.
        # Default: ["*"] (all routes are public). Override to restrict access.
        public_routes:
            - 'app_login'
            - 'app_logout'
            - '_preview_error'  # Error preview
            - '_profiler*'      # Symfony profiler
            - '_wdt*'           # Web Debug Toolbar

        # Map each Symfony role to the list of route names (or patterns) it may access.
        # Role hierarchy is respected: a role inherits the routes of all roles below it.
        # Use "*" as the sole entry to grant access to all routes.
        roles:

            ROLE_USER:
                - 'app_home'
                - 'app_profile'
                - 'app_profile_edit'
                - 'post.index'
                - 'post.read'
                - 'comment.create'

            ROLE_EDITOR:
                - 'post.create'
                - 'post.update'
                - 'post.delete'
                - 'comment.delete'
                - 'media.*'         # Grants access to all routes matching "media.*"

            ROLE_ADMIN:
                - '*'               # Grants access to all routes

    # Optional prefix for Twig functions registered by this bundle.
    # Default: '' (no prefix). Example: 'jmf_' registers 'jmf_can_access_route'.
    twig_functions_prefix: ''
```

A sample configuration file is also available in the [`samples/`](samples/) directory.

Wildcard Patterns
-----------------

[](#wildcard-patterns)

Route names and patterns support `*` as a wildcard that matches any sequence of characters:

PatternMatches`post.read``post.read` only`post.*``post.index`, `post.read`, `post.create``_profiler*``_profiler`, `_profiler_toolbar`, …`*`Any routeRole Hierarchy
--------------

[](#role-hierarchy)

Symfony's role hierarchy is fully respected. If `ROLE_ADMIN` inherits `ROLE_EDITOR` in `security.yaml`, an admin user automatically has access to all routes granted to `ROLE_EDITOR` without any duplication in the bundle configuration.

How It Works
------------

[](#how-it-works)

1. **`RouteAccessSubscriber`** listens on `kernel.controller` and calls Symfony's `AuthorizationCheckerInterface` for every main request.
2. **`RouteAccessVoter`** resolves the current user's reachable roles (via role hierarchy) and checks whether any of them grants access to the requested route.
3. If access is denied, an `AccessDeniedException` is thrown, which Symfony handles according to your firewall configuration (redirect to login, return 403, etc.).

Programmatic Access Check
-------------------------

[](#programmatic-access-check)

Use `RouteAccessGuardInterface` to check route access from your own code:

```
use Jmf\RouteAccess\Guard\RouteAccessGuardInterface;

class MyService
{
    public function __construct(
        private readonly RouteAccessGuardInterface $routeAccessGuard,
    ) {}

    public function canEdit(): bool
    {
        return $this->routeAccessGuard->canAccessRoute('post.update');
    }
}
```

License
-------

[](#license)

MIT

###  Health Score

41

—

FairBetter than 87% of packages

Maintenance97

Actively maintained with recent releases

Popularity8

Limited adoption so far

Community2

Small or concentrated contributor base

Maturity48

Maturing project, gaining track record

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

17d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/6b08b8105ec8bc88d1c911e10dbf156814769650a67960e2f3d71ed6d2417f0d?d=identicon)[jmfeurprier](/maintainers/jmfeurprier)

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan, Rector

Code StylePHP\_CodeSniffer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/jmf-route-access-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/jmf-route-access-bundle/health.svg)](https://phpackages.com/packages/jmf-route-access-bundle)
```

###  Alternatives

[easycorp/easyadmin-bundle

Admin generator for Symfony applications

4.3k17.5M370](/packages/easycorp-easyadmin-bundle)[sulu/sulu

Core framework that implements the functionality of the Sulu content management system

1.3k1.4M195](/packages/sulu-sulu)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)