Is it possible to secure an entire class. I tried looking for a discussion in this topic but I couln't find anything. Is there any reason why this has not implemented? I can work on a PR but I would like to know first if there is anything I should know?
We could add that. Apart from a slight performance impact, I can't see a reason against this.
This feature would be quite handy for me as well, especially if it supported cascading permissions (i.e. specify that all actions on a controller require a certain role, but one or two actions require additional roles).
It's not exactly difficult to add them by hand, but it would be very handy for rapid application development.
@PreAuthorize can now be used on class-level.
/** @PreAuthorize("hasRole('A') or (hasRole('B') and hasRole('C'))") */
public function secureMethod()