diff --git a/security/access_control.rst b/security/access_control.rst index efae1e628d1..53d216c8ce2 100644 --- a/security/access_control.rst +++ b/security/access_control.rst @@ -40,8 +40,8 @@ Take the following ``access_control`` entries as an example: security: # ... access_control: - - { path: '^/admin', roles: ROLE_USER_IP, ip: 127.0.0.1 } - { path: '^/admin', roles: ROLE_USER_PORT, ip: 127.0.0.1, port: 8080 } + - { path: '^/admin', roles: ROLE_USER_IP, ip: 127.0.0.1 } - { path: '^/admin', roles: ROLE_USER_HOST, host: symfony\.com$ } - { path: '^/admin', roles: ROLE_USER_METHOD, methods: [POST, PUT] } # when defining multiple roles, users must have at least one of them (it's like an OR condition) @@ -59,8 +59,8 @@ Take the following ``access_control`` entries as an example: - + @@ -74,17 +74,17 @@ Take the following ``access_control`` entries as an example: $container->loadFromExtension('security', [ // ... 'access_control' => [ - [ - 'path' => '^/admin', - 'roles' => 'ROLE_USER_IP', - 'ips' => '127.0.0.1', - ], [ 'path' => '^/admin', 'roles' => 'ROLE_USER_PORT', 'ip' => '127.0.0.1', 'port' => '8080', ], + [ + 'path' => '^/admin', + 'roles' => 'ROLE_USER_IP', + 'ips' => '127.0.0.1', + ], [ 'path' => '^/admin', 'roles' => 'ROLE_USER_HOST', @@ -112,13 +112,13 @@ if ``ip``, ``port``, ``host`` or ``method`` are not specified for an entry, that +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+ | URI | IP | PORT | HOST | METHOD | ``access_control`` | Why? | +=================+=============+=============+=============+============+================================+=============================================================+ -| ``/admin/user`` | 127.0.0.1 | 80 | example.com | GET | rule #1 (``ROLE_USER_IP``) | The URI matches ``path`` and the IP matches ``ip``. | +| ``/admin/user`` | 127.0.0.1 | 80 | example.com | GET | rule #2 (``ROLE_USER_IP``) | The URI matches ``path`` and the IP matches ``ip``. | +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+ -| ``/admin/user`` | 127.0.0.1 | 80 | symfony.com | GET | rule #1 (``ROLE_USER_IP``) | The ``path`` and ``ip`` still match. This would also match | +| ``/admin/user`` | 127.0.0.1 | 80 | symfony.com | GET | rule #2 (``ROLE_USER_IP``) | The ``path`` and ``ip`` still match. This would also match | | | | | | | | the ``ROLE_USER_HOST`` entry, but *only* the **first** | | | | | | | | ``access_control`` match is used. | +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+ -| ``/admin/user`` | 127.0.0.1 | 8080 | symfony.com | GET | rule #2 (``ROLE_USER_PORT``) | The ``path``, ``ip`` and ``port`` match. | +| ``/admin/user`` | 127.0.0.1 | 8080 | symfony.com | GET | rule #1 (``ROLE_USER_PORT``) | The ``path``, ``ip`` and ``port`` match. | +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+ | ``/admin/user`` | 168.0.0.1 | 80 | symfony.com | GET | rule #3 (``ROLE_USER_HOST``) | The ``ip`` doesn't match the first rule, so the second | | | | | | | | rule (which matches) is used. | pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy