# security:
#     # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
#     providers:
#         in_memory: { memory: ~ }
#     firewalls:
#         dev:
#             pattern: ^/(_(profiler|wdt)|css|images|js)/
#             security: false
#         main:
#             anonymous: true
#             # activate different ways to authenticate
#             # http_basic: true
#             # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
#             # form_login: true
#             # https://symfony.com/doc/current/security/form_login_setup.html
#     # Easy way to control access for large sections of your site
#     # Note: Only the *first* access control that matches will be used
#     access_control:
#         # - { path: ^/admin, roles: ROLE_ADMIN }
#         # - { path: ^/profile, roles: ROLE_USER }
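security:
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # Users are loaded through FOSUserBundle, by username or e-mail.
        fos_userbundle:
            id: fos_user.user_provider.username_email
        # Defines no users and nothing in this file refers to it; it looks like
        # a leftover from the default skeleton. Confirm before removing.
        in_memory: { memory: null }
    firewalls:
        # Security is switched off for the profiler, the web debug toolbar and
        # static assets. The profiler exposes request and configuration data,
        # so check that its routes are only registered in the dev environment.
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        # -> custom firewall for the admin area of the URL
        # admin:
        #     pattern: /admin(.*)
        #     form_login:
        #         provider: fos_userbundle
        #         login_path: fos_user_security_login
        #         check_path: /admin/login_check
        #         use_forward: false
        #         failure_path: null
        #         success_handler: redirect.after.login
        #     logout:
        #         path: /admin/logout
        #         target: /admin/login
        #     anonymous: true
        #     switch_user:
        #         provider: fos_userbundle
        #     context: mlc_context
        #     access_denied_handler: App\Security\AccessDeniedHandler
        # -> end custom configuration
        # Single firewall for the whole site, admin area included (the
        # dedicated admin firewall above is commented out).
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                login_path: fos_user_security_login
                check_path: fos_user_security_check
                # Enables CSRF protection on the login form.
                csrf_token_generator: security.csrf.token_manager
                success_handler: redirect.after.login
            # No csrf_token_generator is set here, so the logout URL is not
            # CSRF-protected.
            logout:
                path: fos_user_security_logout
                target: index
            anonymous: true
            # Second authentication path next to the login form. The
            # authenticator class is not part of this file; review how it
            # issues, expires and invalidates the tokens it accepts.
            guard:
                authenticators:
                    - App\Security\EmailTokenAuthenticator
                # NOTE(review): nesting rebuilt from a flattened listing;
                # `provider` is placed under `guard` here. Confirm against the
                # original file.
                provider: fos_userbundle
            # Persistent login. The cookie is signed with the application
            # secret, so rotating kernel.secret invalidates every cookie.
            remember_me:
                secret: "%kernel.secret%"
                # Seconds: 31536000 = 365 days.
                lifetime: 31536000
                path: /
                domain: null
                user_provider: fos_userbundle
                # The cookie is issued on every successful login, whether or
                # not the user asked to be remembered. Combined with the
                # one-year lifetime, a stolen cookie or an unattended shared
                # device stays logged in for up to a year.
                # `secure` is not set here; check that the cookie is only sent
                # over HTTPS. No rule in access_control asks for
                # IS_AUTHENTICATED_FULLY, so a remember-me login is enough to
                # reach ^/admin/.
                always_remember_me: true
            # Firewalls that share a context share the authenticated session.
            context: mlc_context
            # User impersonation. By default Symfony requires
            # ROLE_ALLOWED_TO_SWITCH, which role_hierarchy below gives only to
            # ROLE_SUPER_ADMIN. Impersonation events are worth logging.
            switch_user:
                provider: fos_userbundle
            # access_denied_handler: App\Security\AccessDeniedHandler
    # Password hashing; no cost is given, so the framework default applies.
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    # Every back-office role below inherits ROLE_ADMIN, so a check on
    # ROLE_ADMIN alone does not tell these roles apart. Per-function
    # restrictions have to test the specific role.
    role_hierarchy:
        ROLE_ADHERENT: ROLE_USER
        ROLE_PRESTATAIRE: ROLE_USER
        ROLE_ADMIN_SIEGE: [ROLE_USER, ROLE_ADMIN]
        ROLE_REDACTEUR: [ROLE_USER, ROLE_ADMIN]
        ROLE_TRESORIER: [ROLE_USER, ROLE_ADMIN]
        ROLE_CONTROLEUR: [ROLE_USER, ROLE_ADMIN]
        ROLE_GESTION_GROUPE: [ROLE_USER, ROLE_ADMIN]
        ROLE_COMPTOIR: [ROLE_USER, ROLE_ADMIN]
        ROLE_CONTACT: [ROLE_USER, ROLE_ADMIN]
        ROLE_SUPER_ADMIN: [ROLE_SONATA_ADMIN, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        # Admin login page needs to be accessed without credential
        # - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # - { path: ^/admin/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # ^/register and ^/resetting are prefix matches: every URL that starts
        # with them is public.
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        # Secured part of the site
        # As written, only ^/admin/ requires a role (any one of those listed,
        # with the default decision strategy). The final catch-all rule admits
        # anonymous visitors everywhere else, so non-admin pages depend on
        # checks made in the controllers.
        # The pattern needs the trailing slash: a request for /admin without
        # it falls through to the catch-all rule.
        # Change these rules to adapt them to your needs
        - { path: ^/admin/, role: [ROLE_SUPER_ADMIN, ROLE_SONATA_ADMIN, ROLE_ADMIN_SIEGE, ROLE_REDACTEUR, ROLE_TRESORIER, ROLE_CONTROLEUR, ROLE_GESTION_GROUPE, ROLE_COMPTOIR, ROLE_CONTACT] }
        - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }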