This repository has been archived by the owner on Jul 28, 2022. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 197
/
security.yml
102 lines (87 loc) · 3.88 KB
/
security.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
parameters:
security.acl.permission.map.class: Sonata\AdminBundle\Security\Acl\Permission\AdminPermissionMap
security:
encoders:
Application\Sonata\UserBundle\Entity\User:
algorithm: sha512
encode_as_base64: false
iterations: 1
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH, ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT, ROLE_SONATA_PAGE_ADMIN_BLOCK_EDIT]
SONATA:
# if you are not using acl then this line must be uncommented
#- ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT
#- ROLE_SONATA_PAGE_ADMIN_BLOCK_EDIT
providers:
fos_userbundle:
id: fos_user.user_manager
in_memory:
memory:
users:
admin: { password: admin, roles: 'ROLE_ADMIN' }
firewalls:
# Disabling the security for the web debug toolbar, the profiler and Assetic.
dev:
pattern: ^/(_(profiler|wdt)|css|images|js|admin/_(wdt|profiler)|api/_(wdt|profiler))/
security: false
# This firewall is used to handle the admin login area
# This part is handled by the Sonata User Bundle
admin:
pattern: /admin(.*)
context: user
form_login:
provider: fos_userbundle
login_path: /admin/login
use_forward: false
check_path: /admin/login_check
failure_path: null
logout:
path: /admin/logout
anonymous: true
api:
pattern: /api/(.*)
http_basic:
realm: "Secured Demo Area"
provider: in_memory
stateless: true
# This firewall is used to handle the public login area
# This part is handled by the FOS User Bundle
main:
pattern: .*
context: user
form_login:
provider: fos_userbundle
login_path: /login
use_forward: false
check_path: /login_check
failure_path: null
logout:
path: /logout
# We set invalidate_session to false because we want basket
# to be fully persisted even when user logout and login again
invalidate_session: false
handlers: ['sonata.page.cms_manager_selector', 'sonata.basket.factory']
anonymous: true
switch_user: true
access_control:
# URL of FOSUserBundle which need to be available to anonymous users
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Admin login page needs to be access without credential
- { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/login-check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# Secured part of the site
# This config requires being logged for the whole site and having the admin role for the admin part.
# It also secures the shop checkout process
# Change these rules to adapt them to your needs
- { path: ^/admin/, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }
- { path: ^/profile/, role: IS_AUTHENTICATED_FULLY }
- { path: ^/shop/basket/step/, role: IS_AUTHENTICATED_FULLY }
- { path: ^/shop/user/, role: IS_AUTHENTICATED_FULLY }
- { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
acl:
connection: default