|
|
security:
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
role_hierarchy:
ROLE_USER: [ROLE_SONATA_BLOCK_ADMIN_CONTRACT_VIEW,ROLE_SONATA_BLOCK_ADMIN_CONTRACT_GUEST ]
ROLE_ADMIN:
- ROLE_USER
- ROLE_SONATA_ADMIN
ROLE_EDITOR:
- ROLE_ADMIN
- ROLE_ADMIN_USER_ALL
- ROLE_ADMIN_CALENDAR_VIEW
- ROLE_SONATA_USER_ADMIN_USER_ALL
- ROLE_SONATA_USER_ADMIN_GROUP_ALL
- ROLE_ADMIN_PROCESOS_ALL
- ROLE_TAREAS_ALL
- ROLE_PRECONDITION_ADMIN_ALL
- ROLE_ADMIN_POSTCONDITION_ALL
- ROLE_ADMIN_PRECONDITION_ALL
- ROLE_ADMIN_REALIZAR_TAREA_EDIT
- ROLE_ADMIN_REALIZAR_TAREA_DELETE
- ROLE_RULES_ADMIN_ALL
- ROLE_SONATA_USER_ADMIN_USER_ALL
- ROLE_SONATA_USER_ADMIN_GROUP_ALL
- ROLE_POSTCONDITION_ADMIN_ALL
- ROLE_ADMIN_PREGUNTAS_ALL
- ROLE_ADMIN_TAREA_ALL
- ROLE_APP\ADMIN\TAREAADMIN_ALL
- ROLE_ADMIN_TEMPLATE_ALL
- ROLE_ADMIN_RECURSOTOTAREA_ALL
- ROLE_APP\ADMIN\RECURSOTOTAREAADMIN_ALL
- ROLE_APP\ADMIN\TEMPLATEADMIN_ALL
- ROLE_APP\ADMIN\COMPONENTADMIN_ALL
- ROLE_APP\ADMIN\EXTERNALADMIN_ALL
- ROLE_ADMIN_COMPONENT_ALL
- ROLE_ADMIN_FORM_COMPONENT_ALL
- ROLE_ADMIN_FORMCOMPONENT_ALL
- ROLE_ADMIN_EXTERNAL_ALL
- ROLE_ADMIN_TIPO_PREGUNTA_ALL
- ROLE_APP\ADMIN\TIPOPREGUNTAADMIN_ALL
- ROLE_ADMIN_TIPOS_RECURSOS_ALL
- ROLE_APP\ADMIN\TIPOSRECURSOSADMIN_ALL
- ROLE_ADMIN_RECURSOS_ALL
- ROLE_APP\ADMIN\RECURSOSADMIN_ALL
- ROLE_ADMIN_SECCIONES_TAREA_ALL
- ROLE_ADMIN_CALENDAR_LIST
- ROLE_ADMIN_MAILLOGGER_ALL
- ROLE_APP\ADMIN\RECURSOTOTAREAADMIN_ALL
# - ROLE_APP\ADMIN\CONTACTOGREENENTERPRENEURADMIN_ALL
# - ROLE_ADMIN_CONTACTOGREENENTERPRENEUR_ALL
- ROLE_APP\ADMIN\DOCUMENTOSADMIN_ALL
- ROLE_ADMIN_DOCUMENTOS_ALL
- ROLE_APP\ADMIN\PROCESOGREENENTERPRENEURADMIN_ALL
- ROLE_ADMIN_PROCESO_GREEN_ENTERPRENEUR_ALL
- ROLE_APP\ADMIN\PROCESOS_COMENTAR_ALL
- ROLE_ADMIN_PROCESOS_COMENTAR_ALL
- ROLE_APP\ADMIN\TASKBUILDER_ALL
- ROLE_ADMIN_TASKBUILDER_ALL
- ROLE_ADMIN_ENCUESTA_ALL
- ROLE_APP\ADMIN\USERADMIN_ALL
- ROLE_APP\ADMIN\MAILLOGGERADMIN_ALL
- ROLE_APP_ADMIN_GREENENTREPRENEUR_ALL
- ROLE_APP_ADMIN_TRAINER_ALL
- ROLE_ADMIN_RESPUESTAS_ALL
- ROLE_ADMIN_RESPUESTAS_HISTORICAS_ALL
- ROLE_ADMIN_INDICADOR_ALL
- ROLE_ADMIN_SECTOR_ALL
- ROLE_ADMIN_BUSSINESS_STAGE_ALL
- ROLE_ADMIN_CONVOCATORIA_ALL
- ROLE_ADMIN_NEWS_ALL
- ROLE_ADMIN_WORKSHOP_ALL
- ROLE_ADMIN_CONTADOR_ALL
- ROLE_ADMIN_BOOKMARKS_ALL
- ROLE_ALLOWED_TO_SWITCH
ROLE_VISOR:
- ROLE_ADMIN
- ROLE_ADMIN_USER_LIST
- ROLE_ADMIN_USER_VIEW
- ROLE_ADMIN_CALENDAR_VIEW
- ROLE_SONATA_USER_ADMIN_USER_LIST
- ROLE_SONATA_USER_ADMIN_USER_VIEW
- ROLE_SONATA_USER_ADMIN_GROUP_LIST
- ROLE_SONATA_USER_ADMIN_GROUP_VIEW
- ROLE_ADMIN_PROCESOS_LIST
- ROLE_ADMIN_PROCESOS_VIEW
- ROLE_TAREAS_LIST
- ROLE_TAREAS_VIEW
- ROLE_PRECONDITION_ADMIN_LIST
- ROLE_PRECONDITION_ADMIN_VIEW
- ROLE_ADMIN_POSTCONDITION_LIST
- ROLE_ADMIN_POSTCONDITION_VIEW
- ROLE_ADMIN_PRECONDITION_LIST
- ROLE_ADMIN_PRECONDITION_VIEW
- ROLE_ADMIN_REALIZAR_TAREA_LIST
- ROLE_ADMIN_REALIZAR_TAREA_VIEW
- ROLE_RULES_ADMIN_LIST
- ROLE_RULES_ADMIN_VIEW
- ROLE_SONATA_USER_ADMIN_USER_LIST
- ROLE_SONATA_USER_ADMIN_USER_VIEW
- ROLE_SONATA_USER_ADMIN_GROUP_LIST
- ROLE_SONATA_USER_ADMIN_GROUP_VIEW
- ROLE_ADMIN_PREGUNTAS_LIST
- ROLE_ADMIN_PREGUNTAS_VIEW
- ROLE_ADMIN_TAREA_LIST
- ROLE_ADMIN_TAREA_VIEW
- ROLE_ADMIN_TEMPLATE_LIST
- ROLE_ADMIN_TEMPLATE_VIEW
- ROLE_ADMIN_RECURSOTOTAREA_LIST
- ROLE_ADMIN_RECURSOTOTAREA_VIEW
- ROLE_ADMIN_COMPONENT_LIST
- ROLE_ADMIN_COMPONENT_VIEW
- ROLE_ADMIN_FORM_COMPONENT_LIST
- ROLE_ADMIN_FORM_COMPONENT_VIEW
- ROLE_ADMIN_FORMCOMPONENT_LIST
- ROLE_ADMIN_FORMCOMPONENT_VIEW
- ROLE_ADMIN_EXTERNAL_LIST
- ROLE_ADMIN_EXTERNAL_VIEW
- ROLE_ADMIN_TIPO_PREGUNTA_LIST
- ROLE_ADMIN_TIPO_PREGUNTA_VIEW
- ROLE_APP\ADMIN\TIPOPREGUNTAADMIN_LIST
- ROLE_APP\ADMIN\TIPOPREGUNTAADMIN_VIEW
- ROLE_ADMIN_TIPOS_RECURSOS_LIST
- ROLE_ADMIN_TIPOS_RECURSOS_VIEW
- ROLE_APP\ADMIN\TIPOSRECURSOSADMIN_LIST
- ROLE_APP\ADMIN\TIPOSRECURSOSADMIN_VIEW
- ROLE_ADMIN_RECURSOS_LIST
- ROLE_ADMIN_RECURSOS_VIEW
- ROLE_APP\ADMIN\RECURSOSADMIN_LIST
- ROLE_APP\ADMIN\RECURSOSADMIN_VIEW
- ROLE_ADMIN_SECCIONES_TAREA_LIST
- ROLE_ADMIN_SECCIONES_TAREA_VIEW
- ROLE_ADMIN_CALENDAR_LIST
- ROLE_ADMIN_MAILLOGGER_LIST
- ROLE_ADMIN_MAILLOGGER_VIEW
- ROLE_APP\ADMIN\RECURSOTOTAREAADMIN_LIST
- ROLE_APP\ADMIN\RECURSOTOTAREAADMIN_VIEW
- ROLE_APP\ADMIN\DOCUMENTOSADMIN_LIST
- ROLE_APP\ADMIN\DOCUMENTOSADMIN_VIEW
- ROLE_ADMIN_DOCUMENTOS_LIST
- ROLE_ADMIN_DOCUMENTOS_VIEW
- ROLE_APP\ADMIN\PROCESOGREENENTERPRENEURADMIN_LIST
- ROLE_APP\ADMIN\PROCESOGREENENTERPRENEURADMIN_VIEW
- ROLE_ADMIN_PROCESO_GREEN_ENTERPRENEUR_LIST
- ROLE_ADMIN_PROCESO_GREEN_ENTERPRENEUR_VIEW
- ROLE_APP\ADMIN\PROCESOS_COMENTAR_LIST
- ROLE_APP\ADMIN\PROCESOS_COMENTAR_VIEW
- ROLE_ADMIN_PROCESOS_COMENTAR_VIEW
- ROLE_ADMIN_PROCESOS_COMENTAR_LIST
- ROLE_APP\ADMIN\USERADMIN_LIST
- ROLE_APP\ADMIN\USERADMIN_VIEW
- ROLE_APP_ADMIN_GREENENTREPRENEUR_LIST
- ROLE_APP_ADMIN_GREENENTREPRENEUR_VIEW
- ROLE_APP_ADMIN_TRAINER_LIST
- ROLE_APP_ADMIN_TRAINER_VIEW
- ROLE_ADMIN_RESPUESTAS_VIEW
- ROLE_ADMIN_RESPUESTAS_LIST
- ROLE_ADMIN_RESPUESTAS_HISTORICAS_LIST
- ROLE_ADMIN_RESPUESTAS_HISTORICAS_VIEW
- ROLE_ADMIN_INDICADOR_LIST
- ROLE_ADMIN_INDICADOR_VIEW
- ROLE_ADMIN_SECTOR_LIST
- ROLE_ADMIN_SECTOR_VIEW
- ROLE_ADMIN_BUSSINESS_STAGE_LIST
- ROLE_ADMIN_BUSSINESS_STAGE_VIEW
- ROLE_ADMIN_CONVOCATORIA_LIST
- ROLE_ADMIN_CONVOCATORIA_VIEW
- ROLE_ADMIN_NEWS_LIST
- ROLE_ADMIN_NEWS_VIEW
- ROLE_ADMIN_WORKSHOP_LIST
- ROLE_ADMIN_WORKSHOP_VIEW
- ROLE_ADMIN_CONTADOR_LIST
- ROLE_ADMIN_CONTADOR_VIEW
- ROLE_ADMIN_BOOKMARKS_LIST
- ROLE_ADMIN_BOOKMARKS_VIEW
- ROLE_ADMIN_GREENENTREPRENEUR_VIEW
- ROLE_APP_ADMIN_GREENENTREPRENEUR_VIEW
- ROLE_ADMIN_GREENENTREPRENEUR_LIST
- ROLE_APP_ADMIN_GREENENTREPRENEUR_LIST
- ROLE_APP_ADMIN_GREENENTREPRENEURADMIN_LIST
- ROLE_APP_ADMIN_GREENENTREPRENEURADMIN_VIEW
- ROLE_ADMIN_GREEN_ENTREPRENEUR_LIST
- ROLE_ADMIN_GREEN_ENTREPRENEUR_VIEW
- ROLE_APP_ADMIN_TRAINER_LIST
- ROLE_APP_ADMIN_TRAINER_VIEW
- ROLE_APP_ADMIN_BSO_LIST
- ROLE_APP_ADMIN_BSO_VIEW
- ROLE_APP_ADMIN_FINANCIAL_ACTOR_LIST
- ROLE_APP_ADMIN_FINANCIAL_ACTOR_VIEW
- ROLE_ADMIN_ENCUESTA_LIST
- ROLE_ADMIN_ENCUESTA_VIEW
- ROLE_ADMIN_FORMULARIO_LIST
- ROLE_ADMIN_FORMULARIO_VIEW
- ROLE_ADMIN_TRAINER_LIST
- ROLE_ADMIN_TRAINER_VIEW
- ROLE_ADMIN_BSO_LIST
- ROLE_ADMIN_BSO_VIEW
- ROLE_ADMIN_FINANCIAL_ACTOR_LIST
- ROLE_ADMIN_FINANCIAL_ACTOR_VIEW
- ROLE_APP\ADMIN\BSO_LIST
- ROLE_APP\ADMIN\BSO_VIEW
ROLE_GREENENTERPRENEUR:
- ROLE_ADMIN
- ROLE_ADMIN_PROCESOS_LIST
- ROLE_ADMIN_CALENDAR_EDIT
- ROLE_ADMIN_USER_VIEW
- ROLE_ADMIN_USER_EDIT
- ROLE_ADMIN_PROCESO_TAREA_ALL
- ROLE_SONATA_USER_ADMIN_USER_EDIT
- ROLE_SONATA_USER_ADMIN_USER_VIEW
- ROLE_APP_ADMIN_USERADMIN_EDIT
- ROLE_APP_ADMIN_USERADMIN_VIEW
- ROLE_ADMIN_GREENENTREPRENEUR_VIEW
- ROLE_APP_ADMIN_GREENENTREPRENEUR_VIEW
- ROLE_ADMIN_GREENENTREPRENEUR_EDIT
- ROLE_APP_ADMIN_GREENENTREPRENEUR_EDIT
- ROLE_APP_ADMIN_GREENENTREPRENEURADMIN_EDIT
- ROLE_APP_ADMIN_GREENENTREPRENEURADMIN_VIEW
- ROLE_ADMIN_GREEN_ENTREPRENEUR_EDIT
- ROLE_ADMIN_GREEN_ENTREPRENEUR_VIEW
- ROLE_ADMIN_PROCESO_TAREA_ALL
# - ROLE_ADMIN_CALENDAR_LIST
# - ROLE_APP\ADMIN\CONTACTOGREENENTERPRENEURADMIN_ALL
# - ROLE_ADMIN_CONTACTOGREENENTERPRENEUR_ALL
- ROLE_APP\ADMIN\DOCUMENTOSADMIN_ALL
- ROLE_ADMIN_CALENDAR_LIST
- ROLE_APP_ADMIN_DOCUMENTOSADMIN_ALL
- ROLE_ADMIN_DOCUMENTOS_ALL
- ROLE_APP\ADMIN\PROCESOS_COMENTAR_ALL
- ROLE_ADMIN_PROCESOS_COMENTAR_ALL
- ROLE_APP_ADMIN_PROCESOS_COMENTAR
- ROLE_ADMIN_CONTACT_ALL
- ROLE_ADMIN_CONVOCATORIA_LIST
- ROLE_ADMIN_CONVOCATORIA_INSCRIBIRSE
- ROLE_ADMIN_SALA_ALL
ROLE_BSO:
- ROLE_ADMIN
- ROLE_USER
- ROLE_ADMIN_USER_VIEW
- ROLE_ADMIN_USER_LIST
- ROLE_SONATA_ADMIN
- ROLE_ADMIN_NEWS_ALL
- ROLE_ADMIN_CONVOCATORIA_ALL
# - ROLE_ADMIN_TRAINER_ALL
- ROLE_ADMIN_GREEN_ENTREPRENEUR_VIEW
- ROLE_ADMIN_GREEN_ENTREPRENEUR_LIST
- ROLE_ADMIN_USER_VIEW
- ROLE_ADMIN_USER_EDIT
- ROLE_ADMIN_BSO_VIEW
- ROLE_ADMIN_BSO_EDIT
- ROLE_NEWS_LIST
# - ROLE_ADMIN_CALENDAR_LIST
# - ROLE_APP\ADMIN\CONTACTOGREENENTERPRENEURADMIN_ALL
# - ROLE_ADMIN_CONTACTOGREENENTERPRENEUR_ALL
- ROLE_APP\ADMIN\DOCUMENTOSADMIN_ALL
- ROLE_ADMIN_DOCUMENTOS_ALL
- ROLE_ADMIN_CONTACT_ALL
- ROLE_ADMIN_CONTACTOTRAINER_ALL
- ROLE_ADMIN_WORKSHOP_ALL
- ROLE_ADMIN_INSCRIPCION_LIST
- ROLE_ADMIN_INSCRIPCION_EXPORT
- ROLE_ADMIN_ENCUESTA_ALL
- ROLE_ADMIN_FORMULARIO_ALL
- ROLE_ADMIN_PREGUNTASFORMULARIO_ALL
- ROLE_ADMIN_TEMPLATE_ALL
- ROLE_ADMIN_RESPUESTAS_FORMULARIO_ALL
- ROLE_ADMIN_TRAINER_VIEW
- ROLE_ADMIN_TRAINER_LIST
- ROLE_ADMIN_SALA_ALL
- ROLE_APP_ADMIN_USERADMIN_VIEW
ROLE_TRAINER:
- ROLE_ADMIN
- ROLE_ADMIN_USER_VIEW
- ROLE_ADMIN_USER_EDIT
- ROLE_ADMIN_GREEN_ENTREPRENEUR_LIST
- ROLE_ADMIN_GREEN_ENTREPRENEUR_VIEW
- ROLE_ADMIN_CONTACT_ALL
- ROLE_ADMIN_COMENTARIOS_ALL
- ROLE_ADMIN_RESPUESTAS_ALL
- ROLE_ADMIN_RESPUESTAS_HISTORICAS_ALL
- ROLE_ADMIN_PROCESOS_LIST
- ROLE_ADMIN_USER_VIEW
- ROLE_ADMIN_USER_EDIT
- ROLE_SONATA_USER_ADMIN_USER_LIST
- ROLE_SONATA_USER_ADMIN_USER_VIEW
- ROLE_ADMIN_TRAINER_VIEW
- ROLE_APP_ADMIN_TRAINER_VIEW
- ROLE_ADMIN_TRAINER_EDIT
- ROLE_APP_ADMIN_TRAINER_EDIT
- ROLE_ADMIN_CALENDAR_LIST
# - ROLE_APP\ADMIN\CONTACTOGREENENTERPRENEURADMIN_ALL
# - ROLE_ADMIN_CONTACTOGREENENTERPRENEUR_ALL
- ROLE_APP\ADMIN\DOCUMENTOSADMIN_ALL
- ROLE_ADMIN_DOCUMENTOS_ALL
- ROLE_APP\ADMIN\PROCESOS_COMENTAR_LIST
- ROLE_ADMIN_PROCESOS_COMENTAR_LIST
- ROLE_ADMIN_REALIZAR_TAREA_VIEW
- ROLE_ADMIN_PROCESOS_COMENTAR_ALL
- ROLE_ADMIN_SALA_ALL
- ROLE_APP_ADMIN_USERADMIN_LIST
- ROLE_APP_ADMIN_USERADMIN_VIEW
ROLE_FINANCIALACTOR:
- ROLE_ADMIN
- ROLE_ADMIN_GREEN_ENTREPRENEUR_VIEW
- ROLE_ADMIN_GREEN_ENTREPRENEUR_LIST
- ROLE_ADMIN_CONTACT_ALL
- ROLE_ADMIN_NEWS_VIEW
- ROLE_ADMIN_FINANCIAL_ACTOR_EDIT
- ROLE_ADMIN_FINANCIAL_ACTOR_VIEW
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH, ROLE_EDITOR]
SONATA:
- ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are using acl then this line must be commented
access_decision_manager:
strategy: unanimous
allow_if_all_abstain: false
encoders:
FOS\UserBundle\Model\UserInterface: sha512
providers:
fos_userbundle:
id: fos_user.user_provider.username_email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
# user:
# pattern: ^/user(.*)
# form_login:
# provider: fos_userbundle
# login_path: /user/login
# use_forward: false
# check_path: /user/login_check
# failure_path: /user/login
# success_handler: admin_success_handler
# # default_target_path: /user/dashboard
# # always_use_default_target_path: true
# logout:
# path: /user/logout
# target: /user/login
# anonymous: true
admin:
pattern: ^/(%app_locales%)/admin(.*)
context: user
switch_user: { role: ROLE_EDITOR }
remember_me:
secret: '%kernel.secret%'
lifetime: 604800 # 1 week in seconds
path: /
form_login:
provider: fos_userbundle
login_path: fos_user_security_login
use_forward: false
check_path: fos_user_security_check
failure_path: fos_user_security_login
default_target_path: /%locale%/admin/dashboard
always_use_default_target_path: true
success_handler: admin_success_handler
logout:
path: fos_user_security_logout
target: fos_user_security_login
anonymous: true
main:
pattern: .*
anonymous: true
# oauth_token:
# pattern: ^/oauth/v2/token
# security: false
# oauth_authorize:
# pattern: ^/oauth/v2/auth
# form_login:
# provider: fos_userbundle
# check_path: /oauth/v2/auth_login_check
# login_path: /oauth/v2/auth_login
# use_referer: true
api:
pattern: ^/%locale%/api
anonymous: true
access_control:
# ELfinder securing paths
- { path: ^/(%app_locales%)/admin/elfinder.main.js$, role: ROLE_USER }
- { path: ^/(%app_locales%)/admin/elfinder/*, role: ROLE_EDITOR }
- { path: ^/(%app_locales%)/admin/elfinder/news, role: ROLE_BSO }
- { path: ^/(%app_locales%)/admin/elfinder/convocatoria, role: ROLE_BSO }
- { path: ^/(%app_locales%)/admin/elfinder/*, roles: [ROLE_SUPER_ADMIN, ROLE_EDITOR] }
# The WDT has to be allowed to anonymous users to avoid requiring the login with the AJAX request
- { path: ^/wdt/, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/profiler/, role: IS_AUTHENTICATED_ANONYMOUSLY }
# AsseticBundle paths used when using the controller for assets
- { path: ^/%locale%/js/, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/%locale%/css/, role: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: ^/user/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: ^/user/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: ^/user/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: ^/user/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: ^/user/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
# URL of FOSUserBundle which need to be available to anonymous users
# Admin login page needs to be accessed without credential
- { path: ^/(%app_locales%)/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/(%app_locales%)/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/(%app_locales%)/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/(%app_locales%)/admin/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
#API routes
# - { path: ^/api, roles: IS_AUTHENTICATED_FULLY}
# - { path: ^/createClient, roles: IS_AUTHENTICATED_ANONYMOUSLY}
# Secured part of the site
# This config requires being logged for the whole site and having the admin role for the admin part.
# Change these rules to adapt them to your needs
# for screenshots disable authentication on admin
# - { path: ^/admin/, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/(%app_locales%)/admin/, role: ROLE_ADMIN }
- { path: ^/(%app_locales%)/register, role: ROLE_ADMIN }
# - { path: ^/user/, role: ROLE_USER }
# - { path: ^/user/, role: ROLE_USER }
- { path: ^/(%app_locales%)/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
|
