From edf48de9b7bb13cb082da6664dfd90b86f3f9075 Mon Sep 17 00:00:00 2001
From: Alex <alex@pop-os.heliobroadband.com>
Date: Thu, 4 Jun 2026 16:59:35 -0700
Subject: [PATCH] lock registration

---
 config/packages/security.yaml             | 1 +
 src/Controller/RegistrationController.php | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index 4ee4332..5933cef 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -37,6 +37,7 @@ security:
     # Note: Only the *first* matching rule is applied
     access_control:
         - { path: ^/brain, roles: ROLE_ADMIN }
+        - { path: /letmein/register, roles: ROLE_ADMIN }
         # - { path: ^/profile, roles: ROLE_USER }
 
 when@test:
diff --git a/src/Controller/RegistrationController.php b/src/Controller/RegistrationController.php
index 019d6a7..6569d95 100644
--- a/src/Controller/RegistrationController.php
+++ b/src/Controller/RegistrationController.php
@@ -16,6 +16,8 @@ class RegistrationController extends AbstractController
     #[Route('/letmein/register', name: 'app_register')]
     public function register(Request $request, UserPasswordHasherInterface $userPasswordHasher, EntityManagerInterface $entityManager): Response
     {
+        $this->denyAccessUnlessGranted('ROLE_ADMIN');
+        
         $user = new User();
         $form = $this->createForm(RegistrationFormType::class, $user);
         $form->handleRequest($request);