|
@@ -1,41 +1,44 @@
|
|
|
security:
|
|
|
- encoders:
|
|
|
- Symfony\Component\Security\Core\User\User: plaintext
|
|
|
-
|
|
|
- role_hierarchy:
|
|
|
- ROLE_ADMIN: ROLE_USER
|
|
|
- ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
|
|
|
-
|
|
|
providers:
|
|
|
- in_memory:
|
|
|
- users:
|
|
|
- user: { password: userpass, roles: [ 'ROLE_USER' ] }
|
|
|
- admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
|
|
|
+ fos_userbundle:
|
|
|
+ id: fos_user.user_manager
|
|
|
|
|
|
firewalls:
|
|
|
- profiler:
|
|
|
- pattern: ^/_profiler
|
|
|
- security: false
|
|
|
-
|
|
|
- wdt:
|
|
|
- pattern: ^/_wdt
|
|
|
- security: false
|
|
|
-
|
|
|
- login:
|
|
|
- pattern: ^/demo/secured/login$
|
|
|
- security: false
|
|
|
-
|
|
|
- secured_area:
|
|
|
- pattern: ^/demo/secured/
|
|
|
+ main:
|
|
|
+ pattern: .*
|
|
|
form_login:
|
|
|
- check_path: /demo/secured/login_check
|
|
|
- login_path: /demo/secured/login
|
|
|
- logout:
|
|
|
- path: /demo/secured/logout
|
|
|
- target: /demo/
|
|
|
- #anonymous: ~
|
|
|
- #http_basic:
|
|
|
- # realm: "Secured Demo Area"
|
|
|
+ provider: fos_userbundle
|
|
|
+ login_path: /login
|
|
|
+ use_forward: false
|
|
|
+ check_path: /login_check
|
|
|
+ failure_path: null
|
|
|
+ logout: true
|
|
|
+ anonymous: true
|
|
|
|
|
|
access_control:
|
|
|
- #- { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
|
|
|
+ # The WDT has to be allowed to anonymous users to avoid requiring the login with the AJAX request
|
|
|
+ - { path: ^/_wdt/, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+ - { path: ^/_profiler/, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+ # AsseticBundle paths used when using the controller for assets
|
|
|
+ - { path: ^/js/, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+ - { path: ^/css/, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+ # URL of FOSUserBundle which need to be available to anonymous users
|
|
|
+ - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+ - { path: ^/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY } # for the case of a failed login
|
|
|
+ - { path: ^/user/new$, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+ - { path: ^/user/check-confirmation-email$, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+ - { path: ^/user/confirm/, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+ - { path: ^/user/confirmed$, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+ - { path: ^/user/request-reset-password$, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+ - { path: ^/user/send-resetting-email$, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+ - { path: ^/user/check-resetting-email$, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+ - { path: ^/user/reset-password/, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+ # Secured part of the site
|
|
|
+ # This config requires being logged for the whole site and having the admin role for the admin part.
|
|
|
+ # Change these rules to adapt them to your needs
|
|
|
+ - { path: ^/admin/, role: ROLE_ADMIN }
|
|
|
+ - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
+
|
|
|
+ role_hierarchy:
|
|
|
+ ROLE_ADMIN: ROLE_USER
|
|
|
+ ROLE_SUPERADMIN: ROLE_ADMIN
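Review bot: The final access rule `- { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }` contradicts the comment three lines above it ("requires being logged for the whole site"): together with `anonymous: true` on the `main` firewall it grants every non-admin path to unauthenticated users, so if the comment states the intent the rule should read `- { path: ^/.*, role: ROLE_USER }`; if open access is intended, the comment should say so instead. The hunk covers the whole file (lines 1-44 on the new side) and the removed `encoders` block is not replaced, so no password encoder is configured for the FOSUserBundle user class unless it is supplied by another imported config — worth confirming, since Symfony refuses to encode or verify passwords without one. The new `role_hierarchy` spells the top role `ROLE_SUPERADMIN` while the removed line used `ROLE_SUPER_ADMIN`, which is also the name FOSUserBundle's own commands assign; with the new spelling the hierarchy entry would never match those users. The removed hierarchy also carried `ROLE_ALLOWED_TO_SWITCH`; if user impersonation is still wanted it needs re-adding explicitly.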
|