55 lines
2 KiB
YAML
55 lines
2 KiB
YAML
security:
|
|
encoders:
|
|
App\Entity\User:
|
|
algorithm: auto
|
|
|
|
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
|
|
providers:
|
|
# used to reload user from session & other features (e.g. switch_user)
|
|
app_user_provider:
|
|
entity:
|
|
class: App\Entity\User
|
|
property: email
|
|
|
|
role_hierarchy:
|
|
ROLE_WRITER: ROLE_USER
|
|
ROLE_ADMIN: ROLE_WRITER
|
|
|
|
firewalls:
|
|
dev:
|
|
pattern: ^/(_(profiler|wdt)|css|images|js)/
|
|
security: false
|
|
main:
|
|
anonymous: ~
|
|
two_factor:
|
|
auth_form_path: 2fa_login # The route name you have used in the routes.yaml
|
|
check_path: 2fa_login_check # The route name you have used in the routes.yaml
|
|
guard:
|
|
authenticators:
|
|
- App\Core\Authenticator\LoginFormAuthenticator
|
|
form_login:
|
|
login_path: auth_login
|
|
check_path: auth_login
|
|
csrf_token_generator: security.csrf.token_manager
|
|
logout:
|
|
path: auth_logout
|
|
target: /
|
|
remember_me:
|
|
secret: '%kernel.secret%'
|
|
lifetime: 604800
|
|
path: /
|
|
|
|
# Easy way to control access for large sections of your site
|
|
# Note: Only the *first* access control that matches will be used
|
|
access_control:
|
|
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
- { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
- { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
|
|
- { path: ^/admin/user, roles: ROLE_ADMIN }
|
|
- { path: ^/admin/task, roles: ROLE_ADMIN }
|
|
- { path: ^/admin/setting, roles: ROLE_ADMIN }
|
|
- { path: ^/admin/site, roles: ROLE_WRITER }
|
|
- { path: ^/admin/file_manager, roles: ROLE_WRITER }
|
|
- { path: ^/admin, roles: ROLE_USER }
|
|
- { path: ^/_internal, roles: IS_AUTHENTICATED_ANONYMOUSLY }
|