Commitf50119c

committed

minor#14816 [Security] Update access_control.rst (BooleanType)

This PR was submitted for the 5.2 branch but it was squashed and merged into the 4.4 branch instead.Discussion----------[Security] Update access_control.rstIMHO, rule 1 should be applied instead of rule 2, because URI and IP match is enough for rule 1.Commits-------da8362f [Security] Update access_control.rst

2 parentsa3716a4 +da8362f commitf50119cCopy full SHA for f50119c

File tree

1 file changed

+10

-10

lines changed

security
- access_control.rst

1 file changed

+10

-10

lines changed

`‎security/access_control.rst‎`

Lines changed: 10 additions & 10 deletions

Original file line number	Diff line number	Diff line change
@@ -40,8 +40,8 @@ Take the following ``access_control`` entries as an example:
`40`	`40`	`security:`
`41`	`41`	`# ...`
`42`	`42`	`access_control:`
`43`		`- -{ path: '^/admin', roles: ROLE_USER_IP, ip: 127.0.0.1 }`
`44`	`43`	`-{ path: '^/admin', roles: ROLE_USER_PORT, ip: 127.0.0.1, port: 8080 }`
	`44`	`+ -{ path: '^/admin', roles: ROLE_USER_IP, ip: 127.0.0.1 }`
`45`	`45`	`-{ path: '^/admin', roles: ROLE_USER_HOST, host: symfony\.com$ }`
`46`	`46`	`-{ path: '^/admin', roles: ROLE_USER_METHOD, methods: [POST, PUT] }`
`47`	`47`	`# when defining multiple roles, users must have at least one of them (it's like an OR condition)`
@@ -59,8 +59,8 @@ Take the following ``access_control`` entries as an example:
`59`	`59`
`60`	`60`	`<config>`
`61`	`61`	`<!-- ...-->`
`62`		`- <rulepath="^/admin"role="ROLE_USER_IP"ip="127.0.0.1"/>`
`63`	`62`	`<rulepath="^/admin"role="ROLE_USER_PORT"ip="127.0.0.1"port="8080"/>`
	`63`	`+ <rulepath="^/admin"role="ROLE_USER_IP"ip="127.0.0.1"/>`
`64`	`64`	`<rulepath="^/admin"role="ROLE_USER_HOST"host="symfony\.com$"/>`
`65`	`65`	`<rulepath="^/admin"role="ROLE_USER_METHOD"methods="POST, PUT"/>`
`66`	`66`	`<!-- when defining multiple roles, users must have at least one of them (it's like an OR condition)-->`
@@ -74,17 +74,17 @@ Take the following ``access_control`` entries as an example:
`74`	`74`	`$container->loadFromExtension('security', [`
`75`	`75`	`// ...`
`76`	`76`	`'access_control' => [`
`77`		`- [`
`78`		`- 'path' => '^/admin',`
`79`		`- 'roles' => 'ROLE_USER_IP',`
`80`		`- 'ips' => '127.0.0.1',`
`81`		`- ],`
`82`	`77`	`[`
`83`	`78`	`'path' => '^/admin',`
`84`	`79`	`'roles' => 'ROLE_USER_PORT',`
`85`	`80`	`'ip' => '127.0.0.1',`
`86`	`81`	`'port' => '8080',`
`87`	`82`	`],`
	`83`	`+ [`
	`84`	`+ 'path' => '^/admin',`
	`85`	`+ 'roles' => 'ROLE_USER_IP',`
	`86`	`+ 'ips' => '127.0.0.1',`
	`87`	`+ ],`
`88`	`88`	`[`
`89`	`89`	`'path' => '^/admin',`
`90`	`90`	`'roles' => 'ROLE_USER_HOST',`
@@ -112,13 +112,13 @@ if ``ip``, ``port``, ``host`` or ``method`` are not specified for an entry, that
`112`	`112`	`+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+`
`113`	`113`	\| URI\| IP\| PORT\| HOST\| METHOD\| ``access_control``\| Why?\|
`114`	`114`	`+=================+=============+=============+=============+============+================================+=============================================================+`
`115`		-\| ``/admin/user``\| 127.0.0.1\| 80\| example.com\| GET\| rule #1 (``ROLE_USER_IP``)\| The URI matches ``path`` and the IP matches ``ip``.\|
	`115`	+\| ``/admin/user``\| 127.0.0.1\| 80\| example.com\| GET\| rule #2 (``ROLE_USER_IP``)\| The URI matches ``path`` and the IP matches ``ip``.\|
`116`	`116`	`+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+`
`117`		-\| ``/admin/user``\| 127.0.0.1\| 80\| symfony.com\| GET\| rule #1 (``ROLE_USER_IP``)\| The ``path`` and ``ip`` still match. This would also match\|
	`117`	+\| ``/admin/user``\| 127.0.0.1\| 80\| symfony.com\| GET\| rule #2 (``ROLE_USER_IP``)\| The ``path`` and ``ip`` still match. This would also match\|
`118`	`118`	\|\|\|\|\|\|\| the ``ROLE_USER_HOST`` entry, but only the first\|
`119`	`119`	\|\|\|\|\|\|\| ``access_control`` match is used.\|
`120`	`120`	`+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+`
`121`		-\| ``/admin/user``\| 127.0.0.1\| 8080\| symfony.com\| GET\| rule #2 (``ROLE_USER_PORT``)\| The ``path``, ``ip`` and ``port`` match.\|
	`121`	+\| ``/admin/user``\| 127.0.0.1\| 8080\| symfony.com\| GET\| rule #1 (``ROLE_USER_PORT``)\| The ``path``, ``ip`` and ``port`` match.\|
`122`	`122`	`+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+`
`123`	`123`	\| ``/admin/user``\| 168.0.0.1\| 80\| symfony.com\| GET\| rule #3 (``ROLE_USER_HOST``)\| The ``ip`` doesn't match the first rule, so the second\|
`124`	`124`	`\|\|\|\|\|\|\| rule (which matches) is used.\|`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitf50119c

File tree

1 file changed

1 file changed

`‎security/access_control.rst‎`

0 commit comments