Moved all doc src to src folder

Makefile

@@ -2,6 +2,7 @@
 #
 
 # You can set these variables from the command line.
+SOURCEDIR     = src
 SPHINXOPTS    =
 SPHINXBUILD   = sphinx-build
 SPHINXPROJ    = RoadizDoc
@@ -16,7 +17,7 @@ endif
 # Internal variables.
 PAPEROPT_a4     = -D latex_paper_size=a4
 PAPEROPT_letter = -D latex_paper_size=letter
-ALLSPHINXOPTS   = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
+ALLSPHINXOPTS   = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) $(SOURCEDIR)
 # the i18n builder cannot share the environment and doctrees with the others
 I18NSPHINXOPTS  = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
 
@@ -66,7 +67,17 @@ singlehtml:
 	@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
 
 livehtml:
-	sphinx-autobuild -B --ignore "*/$(BUILDDIR)/*" --ignore "*/.git/*" --ignore "*/roadiz_rtd_theme/*" --ignore "*.pickle" --ignore "*.doctree" --ignore "*HEAD" --ignore "*FETCH_HEAD" -b html $(ALLSPHINXOPTS) ${SOURCEDIR} $(BUILDDIR)/html
+	sphinx-autobuild -B --ignore "*/$(BUILDDIR)/*" \
+						--ignore "*/_static/*" \
+						--ignore "*/Makefile" \
+						--ignore "*/.idea/*" \
+						--ignore "*/.git/*" \
+						--ignore "*/roadiz_rtd_theme/*" \
+						--ignore "*rst~" \
+						--ignore "*.pickle" \
+						--ignore "*.doctree" \
+						--ignore "*HEAD" \
+						--ignore "*FETCH_HEAD" -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
 
 pickle:
 	$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle

conf.py → src/conf.py

@@ -243,7 +243,7 @@
 #html_file_suffix = None
 
 # Output file base name for HTML help builder.
-htmlhelp_basename = 'Roadizdoc'
+htmlhelp_basename = 'roadiz_doc'
 
 
 # -- Options for LaTeX output ---------------------------------------------

src/user/users/intro.rst

@@ -0,0 +1,126 @@
+.. _managing_users:
+
+Managing users
+==============
+
+This is a simple guide on how to create and manage users using Roadiz CLI.
+
+There are two ways of adding users, via the back-office and in command-line, both will be displayed in each section.
+
+When working with Roadiz in the back-office, you can easily manage users via the *User system* icon in the toolbar.
+
+.. image:: ./img/add_user_toolbar.png
+    :align: center
+
+Create a new user
+-----------------
+
+.. image:: ./img/add_user_button.png
+    :align: center
+
+You can add users simply by clicking *Add an user* button.
+
+.. image:: ./img/roadiz_add_user.png
+    :align: center
+
+If you create an user without specifying its *password*, an email with a password reset link will sent.
+Make sure that you entered the right email and that your Roadiz website has a *mailer* configured. New user will be locked
+unless he or she resets its password first.
+
+.. figure:: ./img/locked_user.png
+    :align: center
+
+    A new user without password will stay locked until he or she resets its password.
+
+The command-line ``bin/roadiz users:create loginname`` starts a new interactive user creation session.
+You will create a new user with login and email, you can also choose if it's a backend user and if it's a superadmin.
+
+Delete user
+-----------
+
+You can remove users by clicking the trashcan icon.
+
+.. image:: ./img/remove_user.png
+    :align: center
+
+The command ``bin/roadiz users:delete loginname`` delete the user "loginname".
+
+Adding role
+-----------
+
+You can edit a users profile the same way you edit a node-type. You can add roles in the *Roles* tab.
+
+.. image:: ./img/add_role_user.png
+    :align: center
+
+If you want to add ``ROLE_SUPERADMIN`` role to "test" user, it would look like this in command-line:
+
+.. code-block:: console
+
+    bin/roadiz users:roles --add loginname
+    # You will be prompted to choose the ROLE with auto-complete feature.
+
+
+Other action
+------------
+
+It is possible to enable or disable users with ``users:enable`` or ``users:disable`` command.
+If a user doesn't remember his password, you can regenerate it with the ``users:password`` command.
+For more informations and more actions, we invite you to check available commands with:
+
+.. code-block:: console
+
+    bin/roadiz list users
+
+
+Enable SSO for back-office users
+--------------------------------
+
+Roadiz is compatible with any **OpenID** single sign-on system (such as Google, Exchange, …) and can
+be configured to allow your company users to login to your back-office with several ``ROLES``.
+
+First, make sure to generate and gather the following information from your *OpenID* provider:
+
+- OpenID client ID
+- OpenID client secret
+- OpenID auto-discovery URL (i.e. for Google GSuite user https://accounts.google.com/.well-known/openid-configuration)
+
+Then you should decide:
+
+- What *roles* (comma separated) you want to be automatically granted to users connected with your SSO. You always can create a more complex strategy in your website by registering a ``RZ\Roadiz\OpenId\Authentication\Provider\JwtRoleStrategy``.
+
+.. code-block:: php
+
+    $container->extend('jwtRoleStrategies', function (array $strategies, Container $c) {
+        return array_merge($strategies, [
+            new MyWebsiteRoleStrategy($c['em'])
+        ]);
+    });
+
+- What domain name to restrict users from. This is very important for *Google Suite* users because the auto-discovery is the same for everybody. You may not want to allow every Google Suite users to access your back-office 😉.
+- A button label for your back-office login page.
+
+
+.. image:: ./img/roadiz_openid_settings.jpg
+    :align: center
+    :width: 300px
+
+Fill all your gathered information to the right *Roadiz* settings.
+
+.. image:: ./img/roadiz_openid_settings_list.jpg
+    :align: center
+    :width: 700px
+
+Then, if your parameter are correct you should see your SSO connect button on *Roadiz* back-office login page.
+Pay attention that if your SSO users do not have sufficient permissions they may have a 403 error after being redirected
+from SSO flow.
+
+.. image:: ./img/roadiz_openid_login.jpg
+    :align: center
+    :width: 300px
+
+.. note::
+
+    Google Suite OpenID implementation is described at https://developers.google.com/identity/protocols/oauth2/openid-connect#discovery
+
+    First, create a new OAuth2 application on https://console.cloud.google.com/ and follow instructions at https://developers.google.com/identity/protocols/oauth2/openid-connect#getcredentials