Opentalent
/
ap2i


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175
							imports:
    - { resource: security/* }

security:
    role_hierarchy:
        ROLE_SUPER_ADMIN: [ ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH, ROLE_TIPS, ROLE_NETWORK ]

        BASE_ROLE_ADMINISTRATION_CORE: &BASE_ROLE_ADMINISTRATION_CORE
            - ROLE_MEMBER_CORE
            - ROLE_ORGANIZATION
            - ROLE_ORGANIZATION_VIEW

        ROLE_ADMIN:
            - ROLE_CORE-CRUD
            - ROLE_GENERAL_CONFIG
            - ROLE_PEDAGOGICS_ADMINISTRATION
            - ROLE_PEDAGOGICS_SEIZURE
            - ROLE_EVENTS
            - ROLE_COURSES
            - ROLE_EXAMENS
            - ROLE_EDUCATIONALPROJECTS
            - ROLE_BILLINGS_ADMINISTRATION
            - ROLE_BILLINGS_SEIZURE
            - ROLE_NETWORK
            - ROLE_COTISATION
            - ROLE_ONLINEREGISTRATION_ADMINISTRATION
            - ROLE_STATISTIC
            - ROLE_ADMIN_CORE

        ROLE_ADMIN_CORE: *BASE_ROLE_ADMINISTRATION_CORE

        ROLE_ADMINISTRATIF_MANAGER:
            - ROLE_CORE-CRUD
            - ROLE_GENERAL_CONFIG
            - ROLE_PEDAGOGICS_ADMINISTRATION
            - ROLE_PEDAGOGICS_SEIZURE
            - ROLE_EVENTS
            - ROLE_COURSES
            - ROLE_EXAMENS
            - ROLE_EDUCATIONALPROJECTS
            - ROLE_BILLINGS_ADMINISTRATION
            - ROLE_BILLINGS_SEIZURE
            - ROLE_NETWORK
            - ROLE_COTISATION
            - ROLE_ONLINEREGISTRATION_ADMINISTRATION
            - ROLE_ADMINISTRATIF_MANAGER_CORE

        ROLE_ADMINISTRATIF_MANAGER_CORE: *BASE_ROLE_ADMINISTRATION_CORE

        ROLE_PEDAGOGICS_MANAGER:
            - ROLE_CORE-CRUD
            - ROLE_PEDAGOGICS_ADMINISTRATION
            - ROLE_PEDAGOGICS_SEIZURE
            - ROLE_EVENTS
            - ROLE_COURSES
            - ROLE_EXAMENS
            - ROLE_EDUCATIONALPROJECTS
            - ROLE_BILLINGS_ADMINISTRATION_VIEW
            - ROLE_BILLINGS_SEIZURE-VIEW
            - ROLE_ONLINEREGISTRATION_ADMINISTRATION
            - ROLE_PEDAGOGICS_MANAGER_CORE

        ROLE_PEDAGOGICS_MANAGER_CORE:
            - ROLE_MEMBER_CORE

        ROLE_FINANCIAL_MANAGER:
            - ROLE_CORE-CRUD
            - ROLE_EVENTS_VIEW
            - ROLE_COURSES_VIEW
            - ROLE_EXAMENS_VIEW
            - ROLE_EDUCATIONALPROJECTS_VIEW
            - ROLE_BILLINGS_ADMINISTRATION
            - ROLE_BILLINGS_SEIZURE
            - ROLE_FINANCIAL_MANAGER_CORE

        ROLE_FINANCIAL_MANAGER_CORE:
            - ROLE_MEMBER_CORE
            - ROLE_PAYER

        ROLE_CA:
            - ROLE_GENERAL_CONFIG
            - ROLE_CORE-CRUD
            - ROLE_COTISATION
            - ROLE_EVENTS
            - ROLE_COURSES
            - ROLE_EXAMENS
            - ROLE_EDUCATIONALPROJECTS
            - ROLE_BILLINGS_ADMINISTRATION_VIEW
            - ROLE_BILLINGS_SEIZURE_VIEW
            - ROLE_CA_CORE

        ROLE_CA_CORE:
            - ROLE_MEMBER_CORE

        ROLE_STUDENT:
            - ROLE_STUDENT_CORE

        ROLE_STUDENT_CORE:
            - ROLE_MEMBER_CORE
            - ROLE_WORK-BY-USER

        ROLE_TEACHER:
            - ROLE_TEACHER_CORE

        ROLE_TEACHER_CORE:
            - ROLE_MEMBER_CORE
            - ROLE_OWN-MY-STUDENT

        ROLE_MEMBER:
            - ROLE_MEMBER_CORE

        ROLE_MEMBER_CORE:
            - ROLE_CORE
            - ROLE_CORE_ACTION

        ROLE_OTHER:
            - ROLE_OTHER_CORE

        ROLE_OTHER_CORE:
            - ROLE_CORE
            - ROLE_RULERZ_ACTION

    password_hashers:
        App\Entity\Person\Person:
            algorithm: bcrypt

    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        access_provider:
            entity:
                class: App\Entity\Access\Access
        person_provider:
            entity:
                class: App\Entity\Person\Person
                property: username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern: ^/login_check
            stateless: true
            json_login:
                provider: person_provider
                check_path: /login_check
                username_path: username
                password_path: password
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
        api:
            jwt: ~
            pattern: ^/api/
            stateless: true
            provider: access_provider
            switch_user:
                role: CAN_SWITCH_USER
                parameter: X-Switch-User

        main:
            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall

            # https://symfony.com/doc/current/security/impersonating_user.html
            # switch_user: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/api/public, roles: PUBLIC_ACCESS }
        - { path: ^/api/internal, roles: INTERNAL_REQUEST }
        - { path: ^/api/internal, roles: ROLE_NO_ACCESS }
        - { path: ^/api/, roles: IS_HAVING_MODULE }