# Symfony security configuration: role hierarchy, password hashing, user
# providers, firewalls and path-based access control.
imports:
    - resource: 'security/*'

security:
    # Each key grants every role listed beneath it. Role names are compared as
    # exact strings, so spelling (including "-" versus "_") is significant.
    role_hierarchy:
        # ROLE_ALLOWED_TO_SWITCH is granted here, but the api firewall below
        # gates impersonation on CAN_SWITCH_USER instead.
        # NOTE(review): confirm whether ROLE_ALLOWED_TO_SWITCH is still checked
        # anywhere; that is not visible in this file.
        ROLE_SUPER_ADMIN:
            - ROLE_ADMIN
            - ROLE_ALLOWED_TO_SWITCH
            - ROLE_TIPS
            - ROLE_NETWORK

        # Shared list, reused through the alias by ROLE_ADMIN_CORE and
        # ROLE_ADMINISTRATIF_MANAGER_CORE. Because it is declared inside
        # role_hierarchy, this key is itself an entry of the hierarchy map.
        BASE_ROLE_ADMINISTRATION_CORE: &BASE_ROLE_ADMINISTRATION_CORE
            - ROLE_MEMBER_CORE
            - ROLE_ORGANIZATION

        ROLE_ADMIN:
            - ROLE_CORE-CRUD
            - ROLE_GENERAL_CONFIG
            - ROLE_PEDAGOGICS_ADMINISTRATION
            - ROLE_PEDAGOGICS_SEIZURE
            - ROLE_EVENTS
            - ROLE_COURSES
            - ROLE_EXAMENS
            - ROLE_EDUCATIONALPROJECTS
            - ROLE_BILLINGS_ADMINISTRATION
            - ROLE_BILLINGS_SEIZURE
            - ROLE_NETWORK
            - ROLE_COTISATION
            - ROLE_ONLINEREGISTRATION_ADMINISTRATION
            - ROLE_STATISTIC
            - ROLE_ADMIN_CORE
        ROLE_ADMIN_CORE: *BASE_ROLE_ADMINISTRATION_CORE

        # Same grants as ROLE_ADMIN except ROLE_STATISTIC.
        ROLE_ADMINISTRATIF_MANAGER:
            - ROLE_CORE-CRUD
            - ROLE_GENERAL_CONFIG
            - ROLE_PEDAGOGICS_ADMINISTRATION
            - ROLE_PEDAGOGICS_SEIZURE
            - ROLE_EVENTS
            - ROLE_COURSES
            - ROLE_EXAMENS
            - ROLE_EDUCATIONALPROJECTS
            - ROLE_BILLINGS_ADMINISTRATION
            - ROLE_BILLINGS_SEIZURE
            - ROLE_NETWORK
            - ROLE_COTISATION
            - ROLE_ONLINEREGISTRATION_ADMINISTRATION
            - ROLE_ADMINISTRATIF_MANAGER_CORE
        ROLE_ADMINISTRATIF_MANAGER_CORE: *BASE_ROLE_ADMINISTRATION_CORE

        ROLE_PEDAGOGICS_MANAGER:
            - ROLE_CORE-CRUD
            - ROLE_PEDAGOGICS_ADMINISTRATION
            - ROLE_PEDAGOGICS_SEIZURE
            - ROLE_EVENTS
            - ROLE_COURSES
            - ROLE_EXAMENS
            - ROLE_EDUCATIONALPROJECTS
            - ROLE_BILLINGS_ADMINISTRATION_VIEW
            # NOTE(review): written "-VIEW" here but "_VIEW" under ROLE_CA.
            # One of the two spellings is probably a typo; confirm which
            # name the permission checks actually use.
            - ROLE_BILLINGS_SEIZURE-VIEW
            - ROLE_ONLINEREGISTRATION_ADMINISTRATION
            - ROLE_PEDAGOGICS_MANAGER_CORE
        ROLE_PEDAGOGICS_MANAGER_CORE:
            - ROLE_MEMBER_CORE

        ROLE_FINANCIAL_MANAGER:
            - ROLE_CORE-CRUD
            - ROLE_EVENTS_VIEW
            - ROLE_COURSES_VIEW
            - ROLE_EXAMENS_VIEW
            - ROLE_EDUCATIONALPROJECTS_VIEW
            - ROLE_BILLINGS_ADMINISTRATION
            - ROLE_BILLINGS_SEIZURE
            - ROLE_FINANCIAL_MANAGER_CORE
        ROLE_FINANCIAL_MANAGER_CORE:
            - ROLE_MEMBER_CORE
            - ROLE_PAYER

        ROLE_CA:
            - ROLE_GENERAL_CONFIG
            - ROLE_CORE-CRUD
            - ROLE_COTISATION
            - ROLE_EVENTS
            - ROLE_COURSES
            - ROLE_EXAMENS
            - ROLE_EDUCATIONALPROJECTS
            - ROLE_BILLINGS_ADMINISTRATION_VIEW
            - ROLE_BILLINGS_SEIZURE_VIEW
            - ROLE_CA_CORE
        ROLE_CA_CORE:
            - ROLE_MEMBER_CORE

        ROLE_STUDENT:
            - ROLE_STUDENT_CORE
        ROLE_STUDENT_CORE:
            - ROLE_MEMBER_CORE
            - ROLE_WORK-BY-USER

        ROLE_TEACHER:
            - ROLE_TEACHER_CORE
        ROLE_TEACHER_CORE:
            - ROLE_MEMBER_CORE
            - ROLE_OWN-MY-STUDENT

        ROLE_MEMBER:
            - ROLE_MEMBER_CORE
        ROLE_MEMBER_CORE:
            - ROLE_CORE
            - ROLE_CORE_ACTION

        ROLE_OTHER:
            - ROLE_OTHER_CORE
        ROLE_OTHER_CORE:
            - ROLE_CORE
            - ROLE_RULERZ_ACTION

    # Passwords of Person entities are hashed with bcrypt; no cost is set here.
    # NOTE(review): Symfony also accepts `algorithm: auto`, which leaves the
    # choice of hasher to the framework; confirm bcrypt is pinned on purpose.
    password_hashers:
        App\Entity\Person\Person:
            algorithm: bcrypt

    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        # No `property` is configured for this provider.
        # NOTE(review): presumably the repository supplies its own user
        # loader; verify which identifier it looks users up by.
        access_provider:
            entity:
                class: App\Entity\Access\Access
        # Looks a Person up by its `username` field.
        person_provider:
            entity:
                class: App\Entity\Person\Person
                property: username

    # Firewalls are listed in order; each one handles the requests whose path
    # matches its pattern.
    firewalls:
        # Security is switched off for the profiler, debug toolbar and static
        # asset paths. Whether those routes exist in a given environment is
        # decided outside this file.
        dev:
            pattern: '^/(_(profiler|wdt)|css|images|js)/'
            security: false

        # Credential check: a JSON body carrying `username` and `password` is
        # verified against person_provider; the JWT bundle's handlers build
        # the success and failure responses.
        login:
            pattern: '^/login_check'
            stateless: true
            json_login:
                provider: person_provider
                check_path: /login_check
                username_path: username
                password_path: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

        # Everything under /api/ authenticates with a JWT and loads the user
        # through access_provider (not the provider used at login).
        api:
            jwt: ~
            pattern: '^/api/'
            stateless: true
            provider: access_provider
            # Impersonation is enabled on this firewall: the target user is
            # named by `X-Switch-User` and the switch is allowed when
            # CAN_SWITCH_USER is granted. That attribute is not a role in the
            # hierarchy above.
            # NOTE(review): presumably a custom voter decides it; confirm the
            # voter exists and that impersonation is logged.
            switch_user:
                role: CAN_SWITCH_USER
                parameter: X-Switch-User

        # No pattern and no authenticator are configured here.
        main:
            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        # The pattern is an unterminated prefix, so it also matches any path
        # that merely starts with /api/public (a sibling resource whose name
        # begins with "public" would be anonymous too).
        # NOTE(review): if only the /api/public/ subtree should be open,
        # anchor the pattern, e.g. ^/api/public(/|$).
        - path: '^/api/public'
          roles: PUBLIC_ACCESS
        # Access to /api/internal depends entirely on whatever decides the
        # INTERNAL_REQUEST attribute; nothing else narrows this rule.
        - path: '^/api/internal'
          roles: INTERNAL_REQUEST
        # NOTE(review): never reached. The rule above has the same path and no
        # other condition, and only the first match applies. If this was meant
        # as a deny fallback, the first rule needs a narrowing condition
        # (such as `ips`) for requests to fall through to this one.
        - path: '^/api/internal'
          roles: ROLE_NO_ACCESS
        # Every other /api/ path requires IS_HAVING_MODULE.
        # NOTE(review): presumably a custom voter attribute; confirm.
        - path: '^/api/'
          roles: IS_HAVING_MODULE