@@ -0,0 +1,171 @@
|
|
|
+imports:
|
|
|
+ - { resource: security/* }
|
|
|
+
|
|
|
+security:
|
|
|
+ role_hierarchy:
|
|
|
+ ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE-ALLOWED-TO-SWITCH, ROLE_TIPS, ROLE_NETWORK]
|
|
|
+
|
|
|
+ BASE_ROLE_ADMINISTRATION_CORE : &BASE_ROLE_ADMINISTRATION_CORE
|
|
|
+ - ROLE_MEMBER_CORE
|
|
|
+ - ROLE_ORGANIZATION
|
|
|
+
|
|
|
+ ROLE_ADMIN:
|
|
|
+ - ROLE_CORE-CRUD
|
|
|
+ - ROLE_GENERAL_CONFIG
|
|
|
+ - ROLE_PEDAGOGICS_ADMINISTRATION
|
|
|
+ - ROLE_PEDAGOGICS_SEIZURE
|
|
|
+ - ROLE_EVENTS
|
|
|
+ - ROLE_COURSES
|
|
|
+ - ROLE_EXAMENS
|
|
|
+ - ROLE_EDUCATIONALPROJECTS
|
|
|
+ - ROLE_BILLINGS_ADMINISTRATION
|
|
|
+ - ROLE_BILLINGS_SEIZURE
|
|
|
+ - ROLE_NETWORK
|
|
|
+ - ROLE_COTISATION
|
|
|
+ - ROLE_ONLINEREGISTRATION_ADMINISTRATION
|
|
|
+ - ROLE_STATISTIC
|
|
|
+ - ROLE_ADMIN_CORE
|
|
|
+
|
|
|
+ ROLE_ADMIN_CORE: *BASE_ROLE_ADMINISTRATION_CORE
|
|
|
+
|
|
|
+ ROLE_ADMINISTRATIF_MANAGER:
|
|
|
+ - ROLE_CORE-CRUD
|
|
|
+ - ROLE_GENERAL_CONFIG
|
|
|
+ - ROLE_PEDAGOGICS_ADMINISTRATION
|
|
|
+ - ROLE_PEDAGOGICS_SEIZURE
|
|
|
+ - ROLE_EVENTS
|
|
|
+ - ROLE_COURSES
|
|
|
+ - ROLE_EXAMENS
|
|
|
+ - ROLE_EDUCATIONALPROJECTS
|
|
|
+ - ROLE_BILLINGS_ADMINISTRATION
|
|
|
+ - ROLE_BILLINGS_SEIZURE
|
|
|
+ - ROLE_NETWORK
|
|
|
+ - ROLE_COTISATION
|
|
|
+ - ROLE_ONLINEREGISTRATION_ADMINISTRATION
|
|
|
+ - ROLE_ADMINISTRATIF_MANAGER_CORE
|
|
|
+
|
|
|
+ ROLE_ADMINISTRATIF_MANAGER_CORE: *BASE_ROLE_ADMINISTRATION_CORE
|
|
|
+
|
|
|
+ ROLE_PEDAGOGICS_MANAGER:
|
|
|
+ - ROLE_CORE-CRUD
|
|
|
+ - ROLE_PEDAGOGICS_ADMINISTRATION
|
|
|
+ - ROLE_PEDAGOGICS_SEIZURE
|
|
|
+ - ROLE_EVENTS
|
|
|
+ - ROLE_COURSES
|
|
|
+ - ROLE_EXAMENS
|
|
|
+ - ROLE_EDUCATIONALPROJECTS
|
|
|
+ - ROLE_BILLINGS_ADMINISTRATION_VIEW
|
|
|
+ - ROLE_BILLINGS_SEIZURE-VIEW
|
|
|
+ - ROLE_ONLINEREGISTRATION_ADMINISTRATION
|
|
|
+ - ROLE_PEDAGOGICS_MANAGER_CORE
|
|
|
+
|
|
|
+ ROLE_PEDAGOGICS_MANAGER_CORE:
|
|
|
+ - ROLE_MEMBER_CORE
|
|
|
+
|
|
|
+ ROLE_FINANCIAL_MANAGER:
|
|
|
+ - ROLE_CORE-CRUD
|
|
|
+ - ROLE_EVENTS_VIEW
|
|
|
+ - ROLE_COURSES_VIEW
|
|
|
+ - ROLE_EXAMENS_VIEW
|
|
|
+ - ROLE_EDUCATIONALPROJECTS_VIEW
|
|
|
+ - ROLE_BILLINGS_ADMINISTRATION
|
|
|
+ - ROLE_BILLINGS_SEIZURE
|
|
|
+ - ROLE_FINANCIAL_MANAGER_CORE
|
|
|
+
|
|
|
+ ROLE_FINANCIAL_MANAGER_CORE:
|
|
|
+ - ROLE_MEMBER_CORE
|
|
|
+ - ROLE_PAYER
|
|
|
+
|
|
|
+ ROLE_CA:
|
|
|
+ - ROLE_GENERAL_CONFIG
|
|
|
+ - ROLE_CORE-CRUD
|
|
|
+ - ROLE_COTISATION
|
|
|
+ - ROLE_EVENTS
|
|
|
+ - ROLE_COURSES
|
|
|
+ - ROLE_EXAMENS
|
|
|
+ - ROLE_EDUCATIONALPROJECTS
|
|
|
+ - ROLE_BILLINGS_ADMINISTRATION_VIEW
|
|
|
+ - ROLE_BILLINGS_SEIZURE_VIEW
|
|
|
+ - ROLE_CA_CORE
|
|
|
+
|
|
|
+ ROLE_CA_CORE:
|
|
|
+ - ROLE_MEMBER_CORE
|
|
|
+
|
|
|
+ ROLE_STUDENT :
|
|
|
+ - ROLE_STUDENT_CORE
|
|
|
+
|
|
|
+ ROLE_STUDENT_CORE:
|
|
|
+ - ROLE_MEMBER_CORE
|
|
|
+ - ROLE_WORK-BY-USER
|
|
|
+
|
|
|
+ ROLE_TEACHER:
|
|
|
+ - ROLE_TEACHER_CORE
|
|
|
+
|
|
|
+ ROLE_TEACHER_CORE:
|
|
|
+ - ROLE_MEMBER_CORE
|
|
|
+ - ROLE_OWN-MY-STUDENT
|
|
|
+
|
|
|
+ ROLE_MEMBER:
|
|
|
+ - ROLE_MEMBER_CORE
|
|
|
+
|
|
|
+ ROLE_MEMBER_CORE:
|
|
|
+ - ROLE_CORE
|
|
|
+ - ROLE_CORE_ACTION
|
|
|
+
|
|
|
+ ROLE_OTHER:
|
|
|
+ - ROLE_OTHER_CORE
|
|
|
+
|
|
|
+ ROLE_OTHER_CORE:
|
|
|
+ - ROLE_CORE
|
|
|
+ - ROLE_RULERZ_ACTION
|
|
|
+
|
|
|
+ password_hashers:
|
|
|
+ App\Entity\Person\Person:
|
|
|
+ algorithm: bcrypt
|
|
|
+
|
|
|
+ # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
|
|
|
+ providers:
|
|
|
+ # used to reload user from session & other features (e.g. switch_user)
|
|
|
+ access_provider:
|
|
|
+ entity:
|
|
|
+ class: App\Entity\Access\Access
|
|
|
+ person_provider:
|
|
|
+ entity:
|
|
|
+ class: App\Entity\Person\Person
|
|
|
+ property: username
|
|
|
+
|
|
|
+ enable_authenticator_manager: true
|
|
|
+
|
|
|
+ firewalls:
|
|
|
+ dev:
|
|
|
+ pattern: ^/(_(profiler|wdt)|css|images|js)/
|
|
|
+ security: false
|
|
|
+
|
|
|
+ login:
|
|
|
+ pattern: ^/login_check
|
|
|
+ stateless: true
|
|
|
+ json_login:
|
|
|
+ provider: person_provider
|
|
|
+ check_path: /login_check
|
|
|
+ username_path: username
|
|
|
+ password_path: password
|
|
|
+ success_handler: lexik_jwt_authentication.handler.authentication_success
|
|
|
+ failure_handler: lexik_jwt_authentication.handler.authentication_failure
|
|
|
+ api:
|
|
|
+ jwt: ~
|
|
|
+ pattern: ^/api/
|
|
|
+ stateless: true
|
|
|
+ provider: access_provider
|
|
|
+ switch_user:
|
|
|
+ role: CAN_SWITCH_USER
|
|
|
+ parameter: X-Switch-User
|
|
|
+
|
|
|
+ main:
|
|
|
+ # activate different ways to authenticate
|
|
|
+ # https://symfony.com/doc/current/security.html#firewalls-authentication
|
|
|
+
|
|
|
+ # Easy way to control access for large sections of your site
|
|
|
+ # Note: Only the *first* access control that matches will be used
|
|
|
+ access_control:
|
|
|
+ - { path: ^/api/public, roles: PUBLIC_ACCESS }
|
|
|
+ - { path: ^/api/, roles: IS_HAVING_MODULE }
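Review bot: The first access_control rule, `- { path: ^/api/public, roles: PUBLIC_ACCESS }`, is a prefix match with no terminator, so any route whose path merely begins with `/api/public` (a constructed example: `/api/publications`) would be exempt from authentication; writing it as `^/api/public(/|$)` keeps the exemption to the intended subtree. In role_hierarchy, `ROLE_BILLINGS_SEIZURE-VIEW` under ROLE_PEDAGOGICS_MANAGER differs from `ROLE_BILLINGS_SEIZURE_VIEW` under ROLE_CA, and `ROLE-ALLOWED-TO-SWITCH` lacks the `ROLE_` prefix that Symfony's role voter matches on by default, so both look like typos that would silently withhold the permission; they should be checked against the attribute names the code actually tests. The `login` firewall's `json_login` block has no `login_throttling` entry, so password guessing against `/login_check` is not rate-limited at this layer unless something upstream handles it. Requests outside `/api/` and `/login_check` appear to fall through to the empty `main` firewall with no matching access_control rule, which leaves any such route public by default; if the application is API-only, a comment saying so would make that intent explicit.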