Stop Rewriting Drupal: Why Using Symfony Event Subscribers Can Break Your Site
Laurent Birades, in a blog post officially shared in French on LinkedIn, criticises the common Drupal development mistake of using Symfony Event Subscribers to manage permissions, a pattern he says leads to broken admin interfaces and hard-to-maintain codebases.
He illustrates how hardcoding access logic in PHP bypasses Drupal’s built-in role and permission system, freezing out administrators and creating brittle permission structures. Using an Event Subscriber to block users based on roles like ROLE_ADMIN may work technically, but violates the modular and UI-integrated design Drupal offers by default.
Laurent recommends switching to proven, native alternatives: ACE for fine-grained entity permissions, Content Access for managing content-level controls, and Permissions by Term for taxonomy-based access rules. These tools ensure flexibility, UI compatibility, and maintainable permission systems — the opposite of what Symfony overlays tend to create.
Reference: #1 l’Event Subscriber de trop — Quand un projet Drupal devient un monstre Symfony (12 November 2025)
ASK: Drupal Community Needs Your Support
View all →
Disclosure: This content is produced with the assistance of AI.
Disclaimer: The opinions expressed in this story do not necessarily represent that of TheDropTimes. We regularly share third-party blog posts that feature Drupal in good faith. TDT recommends Reader's discretion while consuming such content, as the veracity/authenticity of the story depends on the blogger and their motives.
Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please reach out to us at #thedroptimes channel on Drupal Slack and we will try to address the issue as best we can.
Related People
You may also like
