diff options
author | Jeremy Benoist <jeremy.benoist@gmail.com> | 2017-06-02 10:19:33 +0200 |
---|---|---|
committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2017-06-02 11:32:38 +0200 |
commit | 426bb453d295900fb3e35dce2f9081a42639cf27 (patch) | |
tree | 77fc6aedf17640a9d13a817e25fbd06ab89b471f /app/config/security.yml | |
parent | a687c8d915276eee0c0494156700f7d0c0606735 (diff) | |
download | wallabag-426bb453d295900fb3e35dce2f9081a42639cf27.tar.gz wallabag-426bb453d295900fb3e35dce2f9081a42639cf27.tar.zst wallabag-426bb453d295900fb3e35dce2f9081a42639cf27.zip |
API user creation behing a toggle
I've added a toggle feature (in internal settings) so that user api creation can be disabled while form registration still can be enabled.
Also, the /api/user endpoint shouldn't require authentication. Even if we check the authentication when sending a GET request, to retrieve current user information.
I've moved all the internal settings definition to config to avoid duplicated place to define them.
I don't know why we didn't did that earlier.
Diffstat (limited to 'app/config/security.yml')
-rw-r--r-- | app/config/security.yml | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/config/security.yml b/app/config/security.yml index efb00a53..ffb1d356 100644 --- a/app/config/security.yml +++ b/app/config/security.yml | |||
@@ -56,6 +56,7 @@ security: | |||
56 | access_control: | 56 | access_control: |
57 | - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY } | 57 | - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
58 | - { path: ^/api/version, roles: IS_AUTHENTICATED_ANONYMOUSLY } | 58 | - { path: ^/api/version, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
59 | - { path: ^/api/user, roles: IS_AUTHENTICATED_ANONYMOUSLY } | ||
59 | - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } | 60 | - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
60 | - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } | 61 | - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } |
61 | - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } | 62 | - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } |