Restrinct access only for Admin User

     

I'm trying to deny access to all users that aren't admin to my user's list.


My route is : http://localhost/exchangeIt/web/backend/llistaUsuaris.


So I tried to deny it in the security.yml file.


role_hierarchy:   ROLE_ADMIN: ROLE_USER   ROLE_SUPER_ADMIN: ROLE_ADMIN   ROLE_TRANSLATOR: ROLE_TRANS
access_control:
- { path:  /backend/llistaUsuaris/ role: ROLE_ADMIN }  

But if i join with a common user and copy paste the url i can access even if im not admin user.

  
"
answer1
  
  

Is there any other security check ? If yes - show us your code