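# To get started with security, check out the documentation:
# http://symfony.com/doc/current/book/security.html
#
# NOTE(review): the backslash namespace separators of the two class names
# were lost in this copy (they read ProjectEntityUser and
# FOSUserBundleModelUserInterface); the FQCNs below are reconstructed from
# them — confirm against the project's actual entity class.
security:
    # Password hashing for the application user entity and for the
    # FOSUserBundle interface it implements. Cost 15 is deliberately slow
    # (each login costs a noticeable fraction of a second).
    encoders:
        Project\Entity\User:
            algorithm: bcrypt
            cost: 15
        FOS\UserBundle\Model\UserInterface:
            algorithm: bcrypt
            cost: 15

    # Each role grants every role listed for it.
    role_hierarchy:
        ROLE_STAFF: [ROLE_USER]
        ROLE_CLIENT: [ROLE_STAFF, ROLE_USER]
        ROLE_ADMIN: [ROLE_CLIENT, ROLE_USER]
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
        # Listed first, so it is the default provider for any firewall below
        # that does not name one. It includes the in-memory accounts.
        chain_provider:
            chain:
                providers: [in_memory, users, admins]
        # NOTE(review): fixed test credentials, including an account carrying
        # ROLE_ADMIN, committed in the security config. They are usable
        # wherever chain_provider is consulted; move them to a dev/test-only
        # config before this is deployed.
        in_memory:
            memory:
                users:
                    user: { password: userpass, roles: [ 'ROLE_USER' ] }
                    staff: { password: userpass, roles: [ 'ROLE_STAFF' ] }
                    client: { password: userpass, roles: [ 'ROLE_CLIENT' ] }
                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }

        # Same entity, looked up by a different property: e-mail for end
        # users, username for CMS administrators.
        users:
            entity: { class: Project\Entity\User, property: email }
        admins:
            entity: { class: Project\Entity\User, property: username }

    # Firewalls are matched top to bottom; the first pattern that matches the
    # request wins, so the unauthenticated API endpoints must stay above
    # the catch-all ^/api firewall.
    firewalls:
        # EXCLUDE FROM OAUTH
        # security: false disables every listener for these paths, including
        # access_control enforcement, so each of these is fully public.
        api_init:
            pattern: ^/api/init
            security: false
            stateless: true
        api_user_password_reset:
            pattern: ^/api/user/password
            security: false
            methods: [POST]
        api_facebook_connect:
            pattern: ^/api/facebook-connect
            security: false
            stateless: true
        api_register:
            pattern: ^/api/register
            security: false
            stateless: true
        api_login:
            pattern: ^/api/login
            security: false
            stateless: true

        # OAUTH API
        # Token endpoint authenticates clients itself; no firewall needed.
        oauth_token:
            pattern: ^/oauth/v2/token
            security: false

        # Authorization endpoint: the resource owner logs in with the
        # e-mail-based provider.
        oauth_authorize:
            pattern: ^/oauth/v2/auth
            form_login:
                provider: users
                login_path: _demo_login
                check_path: _security_check
            anonymous: true

        # Everything else under /api requires a valid OAuth access token.
        api:
            pattern: ^/api
            fos_oauth: true
            stateless: true
            anonymous: false

        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Catch-all firewall for the CMS; access is narrowed by access_control.
        cms:
            pattern: ^/
            provider: admins
            form_login:
                login_path: /
                check_path: /login_check
                remember_me: true
                # NOTE(review): csrf_provider is the pre-2.4 option name;
                # newer 2.x releases call it csrf_token_generator — confirm
                # against the Symfony version in use.
                csrf_provider: security.csrf.token_manager
                csrf_parameter: _csrf_security_token
                use_referer: true

            # always_remember_me issues the persistent cookie on every
            # successful login, not only when the user asks for it.
            remember_me:
                key: "%secret%"
                always_remember_me: true

            logout:
                path: /cms/logout
                target: login

            security: true
            anonymous: true

    # Rules are evaluated top to bottom and the first matching path wins, so
    # the more specific ^/cms/clients rule must precede ^/cms; placed after
    # it, ^/cms matched first and the ROLE_ADMIN restriction on
    # ^/cms/clients was never applied.
    access_control:
        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/cms/error/page, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/cms/clients, roles: ROLE_ADMIN }
        - { path: ^/cms, roles: [ROLE_CLIENT, ROLE_ADMIN] }
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }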