app/config/security.yml

   1 security:
   2     encoders:
   3         FOS\UserBundle\Model\UserInterface: sha512
   4
   5     role_hierarchy:
   6         ROLE_ADMIN: ROLE_USER
   7         ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
   8
   9     # /!\ This list is modified in WallabagUserBundle when LDAP is enabled
  10     providers:
  11         administrators:
  12             entity:
  13                 class: WallabagUserBundle:User
  14                 property: username
  15         fos_userbundle:
  16             id: fos_user.user_provider.username_email
  17
  18     # the main part of the security, where you can set up firewalls
  19     # for specific sections of your app
  20     firewalls:
  21         # disables authentication for assets and the profiler, adapt it according to your needs
  22         dev:
  23             pattern: ^/(_(profiler|wdt)|css|images|js)/
  24             security: false
  25
  26         oauth_token:
  27             pattern: ^/oauth/v2/token
  28             security: false
  29
  30         api:
  31             pattern: /api/.*
  32             fos_oauth: true
  33             stateless: true
  34             anonymous: true
  35
  36         login_firewall:
  37             pattern: ^/login$
  38             anonymous:  ~
  39
  40         # /!\ This section is modified in WallabagUserBundle when LDAP is enabled
  41         secured_area:
  42             pattern: ^/
  43             form_login:
  44                 provider: fos_userbundle
  45                 csrf_token_generator: security.csrf.token_manager
  46
  47             anonymous: true
  48             remember_me:
  49                 secret: "%secret%"
  50                 lifetime: 31536000
  51                 path: /
  52                 domain: ~
  53
  54             logout:
  55                 path:   /logout
  56                 target: /
  57
  58     access_control:
  59         - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
  60         - { path: ^/api/version, roles: IS_AUTHENTICATED_ANONYMOUSLY }
  61         - { path: ^/api/user, roles: IS_AUTHENTICATED_ANONYMOUSLY }
  62         - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
  63         - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
  64         - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
  65         - { path: /(unread|starred|archive|all).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
  66         - { path: /tags/(.*).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
  67         - { path: ^/share, roles: IS_AUTHENTICATED_ANONYMOUSLY }
  68         - { path: ^/settings, roles: ROLE_SUPER_ADMIN }
  69         - { path: ^/annotations, roles: ROLE_USER }
  70         - { path: ^/users, roles: ROLE_SUPER_ADMIN }
  71         - { path: ^/, roles: ROLE_USER }