forked from deblan/gist
Fix issue #5 - Enforce registration
This commit is contained in:
parent
71bfa8f7cb
commit
229f532ac0
14
README.md
14
README.md
|
|
@ -225,6 +225,20 @@ Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['enable
|
|||
|
||||
Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['enable_registration']` with `false`.
|
||||
|
||||
#### Force registration/login
|
||||
|
||||
##### Login required to edit a gist
|
||||
|
||||
Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['login_required_to_edit_gist']` with `true`.
|
||||
|
||||
##### Login required to view a gist
|
||||
|
||||
Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['login_required_to_view_gist']` with `true`.
|
||||
|
||||
##### Login required to view an embeded gist
|
||||
|
||||
Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['login_required_to_view_embeded_gist']` with `true`.
|
||||
|
||||
### Debug
|
||||
|
||||
`app_dev.php` is the development router. Access is granted for an IP range defined in the same file.
|
||||
|
|
|
|||
|
|
@ -13,6 +13,10 @@ use Symfony\Component\Security\Http\HttpUtils;
|
|||
|
||||
$app['enable_registration'] = true;
|
||||
$app['enable_login'] = true;
|
||||
$app['login_required_to_edit_gist'] = false;
|
||||
$app['login_required_to_view_gist'] = false;
|
||||
$app['login_required_to_view_embeded_gist'] = false;
|
||||
|
||||
$app['token'] = 'ThisTokenIsNotSoSecretChangeIt';
|
||||
|
||||
$app['salt_generator'] = $app->share(function($app) {
|
||||
|
|
@ -46,9 +50,7 @@ $app['security.authentication_listener.factory.form'] = $app->protect(function (
|
|||
];
|
||||
});
|
||||
|
||||
$app->register(
|
||||
new SecurityServiceProvider(),
|
||||
[
|
||||
$firewall = [
|
||||
'security.firewalls' => [
|
||||
'default' => [
|
||||
'pattern' => '^/',
|
||||
|
|
@ -75,9 +77,32 @@ $app->register(
|
|||
'security.access_rules' => [
|
||||
['^/[a-z]{2}/my.*$', 'ROLE_USER'],
|
||||
]
|
||||
]
|
||||
);
|
||||
];
|
||||
|
||||
if ($app['login_required_to_edit_gist'] || $app['login_required_to_view_gist'] || $app['login_required_to_view_embeded_gist']) {
|
||||
$securityRegexp = '^/[a-z]{2}';
|
||||
$exceptedUriPattern = ['login', 'register'];
|
||||
|
||||
if ($app['login_required_to_view_gist'] === true) {
|
||||
$firewall['security.access_rules'][] = ['^/[a-z]{2}/view.*$', 'ROLE_USER'];
|
||||
$firewall['security.access_rules'][] = ['^/[a-z]{2}/revs.*$', 'ROLE_USER'];
|
||||
} else {
|
||||
$exceptedUriPattern[] = 'view';
|
||||
$exceptedUriPattern[] = 'revs';
|
||||
}
|
||||
|
||||
if ($app['login_required_to_view_embeded_gist'] === true) {
|
||||
$firewall['security.access_rules'][] = ['^/[a-z]{2}/embed.*$', 'ROLE_USER'];
|
||||
} else {
|
||||
$exceptedUriPattern[] = 'embed';
|
||||
}
|
||||
|
||||
if ($app['login_required_to_edit_gist'] === true) {
|
||||
$firewall['security.access_rules'][] = ['^/[a-z]{2}/(?!('.implode('|', $exceptedUriPattern).')).*$', 'ROLE_USER'];
|
||||
}
|
||||
}
|
||||
|
||||
$app->register(new SecurityServiceProvider(), $firewall);
|
||||
$app->register(new SessionServiceProvider());
|
||||
$app->register(new RememberMeServiceProvider());
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue