|
|
@@ -1,171 +0,0 @@
|
|
|
-imports:
|
|
|
- - { resource: security/* }
|
|
|
-
|
|
|
-security:
|
|
|
- role_hierarchy:
|
|
|
- ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE-ALLOWED-TO-SWITCH, ROLE_TIPS, ROLE_NETWORK]
|
|
|
-
|
|
|
- BASE_ROLE_ADMINISTRATION_CORE : &BASE_ROLE_ADMINISTRATION_CORE
|
|
|
- - ROLE_MEMBER_CORE
|
|
|
- - ROLE_ORGANIZATION
|
|
|
-
|
|
|
- ROLE_ADMIN:
|
|
|
- - ROLE_CORE-CRUD
|
|
|
- - ROLE_GENERAL_CONFIG
|
|
|
- - ROLE_PEDAGOGICS_ADMINISTRATION
|
|
|
- - ROLE_PEDAGOGICS_SEIZURE
|
|
|
- - ROLE_EVENTS
|
|
|
- - ROLE_COURSES
|
|
|
- - ROLE_EXAMENS
|
|
|
- - ROLE_EDUCATIONALPROJECTS
|
|
|
- - ROLE_BILLINGS_ADMINISTRATION
|
|
|
- - ROLE_BILLINGS_SEIZURE
|
|
|
- - ROLE_NETWORK
|
|
|
- - ROLE_COTISATION
|
|
|
- - ROLE_ONLINEREGISTRATION_ADMINISTRATION
|
|
|
- - ROLE_STATISTIC
|
|
|
- - ROLE_ADMIN_CORE
|
|
|
-
|
|
|
- ROLE_ADMIN_CORE: *BASE_ROLE_ADMINISTRATION_CORE
|
|
|
-
|
|
|
- ROLE_ADMINISTRATIF_MANAGER:
|
|
|
- - ROLE_CORE-CRUD
|
|
|
- - ROLE_GENERAL_CONFIG
|
|
|
- - ROLE_PEDAGOGICS_ADMINISTRATION
|
|
|
- - ROLE_PEDAGOGICS_SEIZURE
|
|
|
- - ROLE_EVENTS
|
|
|
- - ROLE_COURSES
|
|
|
- - ROLE_EXAMENS
|
|
|
- - ROLE_EDUCATIONALPROJECTS
|
|
|
- - ROLE_BILLINGS_ADMINISTRATION
|
|
|
- - ROLE_BILLINGS_SEIZURE
|
|
|
- - ROLE_NETWORK
|
|
|
- - ROLE_COTISATION
|
|
|
- - ROLE_ONLINEREGISTRATION_ADMINISTRATION
|
|
|
- - ROLE_ADMINISTRATIF_MANAGER_CORE
|
|
|
-
|
|
|
- ROLE_ADMINISTRATIF_MANAGER_CORE: *BASE_ROLE_ADMINISTRATION_CORE
|
|
|
-
|
|
|
- ROLE_PEDAGOGICS_MANAGER:
|
|
|
- - ROLE_CORE-CRUD
|
|
|
- - ROLE_PEDAGOGICS_ADMINISTRATION
|
|
|
- - ROLE_PEDAGOGICS_SEIZURE
|
|
|
- - ROLE_EVENTS
|
|
|
- - ROLE_COURSES
|
|
|
- - ROLE_EXAMENS
|
|
|
- - ROLE_EDUCATIONALPROJECTS
|
|
|
- - ROLE_BILLINGS_ADMINISTRATION_VIEW
|
|
|
- - ROLE_BILLINGS_SEIZURE-VIEW
|
|
|
- - ROLE_ONLINEREGISTRATION_ADMINISTRATION
|
|
|
- - ROLE_PEDAGOGICS_MANAGER_CORE
|
|
|
-
|
|
|
- ROLE_PEDAGOGICS_MANAGER_CORE:
|
|
|
- - ROLE_MEMBER_CORE
|
|
|
-
|
|
|
- ROLE_FINANCIAL_MANAGER:
|
|
|
- - ROLE_CORE-CRUD
|
|
|
- - ROLE_EVENTS_VIEW
|
|
|
- - ROLE_COURSES_VIEW
|
|
|
- - ROLE_EXAMENS_VIEW
|
|
|
- - ROLE_EDUCATIONALPROJECTS_VIEW
|
|
|
- - ROLE_BILLINGS_ADMINISTRATION
|
|
|
- - ROLE_BILLINGS_SEIZURE
|
|
|
- - ROLE_FINANCIAL_MANAGER_CORE
|
|
|
-
|
|
|
- ROLE_FINANCIAL_MANAGER_CORE:
|
|
|
- - ROLE_MEMBER_CORE
|
|
|
- - ROLE_PAYER
|
|
|
-
|
|
|
- ROLE_CA:
|
|
|
- - ROLE_GENERAL_CONFIG
|
|
|
- - ROLE_CORE-CRUD
|
|
|
- - ROLE_COTISATION
|
|
|
- - ROLE_EVENTS
|
|
|
- - ROLE_COURSES
|
|
|
- - ROLE_EXAMENS
|
|
|
- - ROLE_EDUCATIONALPROJECTS
|
|
|
- - ROLE_BILLINGS_ADMINISTRATION_VIEW
|
|
|
- - ROLE_BILLINGS_SEIZURE_VIEW
|
|
|
- - ROLE_CA_CORE
|
|
|
-
|
|
|
- ROLE_CA_CORE:
|
|
|
- - ROLE_MEMBER_CORE
|
|
|
-
|
|
|
- ROLE_STUDENT :
|
|
|
- - ROLE_STUDENT_CORE
|
|
|
-
|
|
|
- ROLE_STUDENT_CORE:
|
|
|
- - ROLE_MEMBER_CORE
|
|
|
- - ROLE_WORK-BY-USER
|
|
|
-
|
|
|
- ROLE_TEACHER:
|
|
|
- - ROLE_TEACHER_CORE
|
|
|
-
|
|
|
- ROLE_TEACHER_CORE:
|
|
|
- - ROLE_MEMBER_CORE
|
|
|
- - ROLE_OWN-MY-STUDENT
|
|
|
-
|
|
|
- ROLE_MEMBER:
|
|
|
- - ROLE_MEMBER_CORE
|
|
|
-
|
|
|
- ROLE_MEMBER_CORE:
|
|
|
- - ROLE_CORE
|
|
|
- - ROLE_CORE_ACTION
|
|
|
-
|
|
|
- ROLE_OTHER:
|
|
|
- - ROLE_OTHER_CORE
|
|
|
-
|
|
|
- ROLE_OTHER_CORE:
|
|
|
- - ROLE_CORE
|
|
|
- - ROLE_RULERZ_ACTION
|
|
|
-
|
|
|
- password_hashers:
|
|
|
- App\Entity\Person\Person:
|
|
|
- algorithm: bcrypt
|
|
|
-
|
|
|
- # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
|
|
|
- providers:
|
|
|
- # used to reload user from session & other features (e.g. switch_user)
|
|
|
- access_provider:
|
|
|
- entity:
|
|
|
- class: App\Entity\Access\Access
|
|
|
- person_provider:
|
|
|
- entity:
|
|
|
- class: App\Entity\Person\Person
|
|
|
- property: username
|
|
|
-
|
|
|
- enable_authenticator_manager: true
|
|
|
-
|
|
|
- firewalls:
|
|
|
- dev:
|
|
|
- pattern: ^/(_(profiler|wdt)|css|images|js)/
|
|
|
- security: false
|
|
|
-
|
|
|
- login:
|
|
|
- pattern: ^/login_check
|
|
|
- stateless: true
|
|
|
- json_login:
|
|
|
- provider: person_provider
|
|
|
- check_path: /login_check
|
|
|
- username_path: username
|
|
|
- password_path: password
|
|
|
- success_handler: lexik_jwt_authentication.handler.authentication_success
|
|
|
- failure_handler: lexik_jwt_authentication.handler.authentication_failure
|
|
|
- api:
|
|
|
- jwt: ~
|
|
|
- pattern: ^/api/
|
|
|
- stateless: true
|
|
|
- provider: access_provider
|
|
|
- switch_user:
|
|
|
- role: CAN_SWITCH_USER
|
|
|
- parameter: X-Switch-User
|
|
|
-
|
|
|
- main:
|
|
|
- # activate different ways to authenticate
|
|
|
- # https://symfony.com/doc/current/security.html#firewalls-authentication
|
|
|
-
|
|
|
- # Easy way to control access for large sections of your site
|
|
|
- # Note: Only the *first* access control that matches will be used
|
|
|
- access_control:
|
|
|
- - { path: ^/api/public, roles: PUBLIC_ACCESS }
|
|
|
- - { path: ^/api/, roles: IS_HAVING_MODULE }
|
Vincent