Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- security:
- providers:
- fos_userbundle:
- id: fos_user.user_manager
- acl:
- connection: default
- encoders:
- FOS\UserBundle\Model\UserInterface: sha512
- role_hierarchy:
- # # for convenience, I decided to gather Sonata roles here
- # ROLE_SONATA_FOO_READER:
- # - ROLE_SONATA_ADMIN_DEMO_FOO_LIST
- # - ROLE_SONATA_ADMIN_DEMO_FOO_VIEW
- # ROLE_SONATA_FOO_EDITOR:
- # - ROLE_SONATA_ADMIN_DEMO_FOO_CREATE
- # - ROLE_SONATA_ADMIN_DEMO_FOO_EDIT
- # ROLE_SONATA_FOO_ADMIN:
- # - ROLE_SONATA_ADMIN_DEMO_FOO_DELETE
- # - ROLE_SONATA_ADMIN_DEMO_FOO_EXPORT
- # those are the roles I will use (less verbose)
- ROLE_ADMIN: [ROLE_STAFF, ROLE_SONATA_FOO_EDITOR, ROLE_SONATA_FOO_ADMIN]
- ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
- # set access_strategy to unanimous, else you may have unexpected behaviors
- access_decision_manager:
- strategy: unanimous
- firewalls:
- # -> custom firewall for the admin area of the URL
- admin:
- pattern: /admin(.*)
- form_login:
- provider: fos_userbundle
- login_path: /admin/login
- use_forward: false
- check_path: /admin/login_check
- failure_path: null
- logout:
- path: /admin/logout
- anonymous: true
- # -> end custom configuration
- # defaut login area for standard users
- main:
- pattern: .*
- form_login:
- provider: fos_userbundle
- login_path: /login
- use_forward: false
- check_path: /login_check
- failure_path: null
- logout: true
- anonymous: true
- access_control:
- # URL of FOSUserBundle which need to be available to anonymous users
- - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- # AsseticBundle paths used when using the controller for assets
- - { path: ^/js/, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/css/, role: IS_AUTHENTICATED_ANONYMOUSLY }
- # URL of FOSUserBundle which need to be available to anonymous users
- - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/admin/login-check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/user/new$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/user/check-confirmation-email$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/user/confirm/, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/user/confirmed$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/user/request-reset-password$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/user/send-resetting-email$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/user/check-resetting-email$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/user/reset-password/, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- # Secured part of the site
- # This config requires being logged for the whole site and having the admin role for the admin part.
- # Change these rules to adapt them to your needs
- - { path: ^/admin/, role: ROLE_ADMIN }
- - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
- parameters:
- # ... other parameters
- security.acl.permission.map.class: Sonata\AdminBundle\Security\Acl\Permission\AdminPermissionMap
- # optionally use a custom MaskBuilder
- #sonata.admin.security.mask.builder.class: Sonata\AdminBundle\Security\Acl\Permission\MaskBuilder
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement