I've found this question: Get security token for non-logged user with Symfony
Which help me think that I could set a new Security token (instead to try to update the roles in the existing one). The roles of my users are not stored in the User table so it would make sense.
public function strangeAction()
{
// Get your User, however you normally get it
$user = $userRepository->find($id);
// Save the original token in the session (just in case I need to reverse it)
$originalToken = $this->get("security.context")->getToken();
$this->getRequest()->getSession()->set('original.security.token', $originalToken);
// Create my new custom token (loading the roles of the user)
$token = new UsernamePasswordToken($user, null, "main", $user->getRolesMagically());
// Update the security context with the new token
$this->get("security.context")->setToken($token);
// Now you have access to isGranted()
if ($this->get("security.context")->isGranted("ROLE_SOMETHING"))
}
I feel confident about this solution but I'd like some more input if possible.
ie. Why should I not do it like this?