[wip] upgrade configuration to chill v3 (symfony 5)

2024-07-03 11:14:05 +02:00
parent 002fd7b632
commit bf29c7756f
20 changed files with 137 additions and 199 deletions
--- a/config/packages/security_chill.yaml
+++ b/config/packages/security_chill.yaml
@@ -0,0 +1,50 @@
+security:
+    access_decision_manager:
+        strategy: unanimous
+        allow_if_all_abstain: false
+    firewalls:
+        dev:
+            pattern: ^/(_(profiler|wdt)|css|images|js)/
+            security: false
+        wopi:
+            pattern: ^/wopi
+            provider: chill_chain_provider
+            stateless: true
+            guard:
+                authenticators:
+                    - lexik_jwt_authentication.jwt_token_authenticator
+        chill_main:
+            # remove during upgrade from symfony 4 to symfony 5 TODO check this
+            #anonymous: ~
+            provider: chill_chain_provider
+            form_login:
+                csrf_parameter: _csrf_token
+                csrf_token_id: authenticate
+                #csrf_provider: security.csrf.token_manager
+            # remove during upgrade from symfony 4 to symfony 5 TODO check this
+            # logout_on_user_change: true
+            logout:
+                path: /logout
+
+            # uncomment to enable impersonate mode in Chill
+            # https://symfony.com/doc/current/security/impersonating_user.html
+            switch_user: true
+
+            # activate different ways to authenticate
+            # https://symfony.com/doc/current/security.html#firewalls-authentication
+
+    # Easy way to control access for large sections of your site
+    # Note: Only the *first* access control that matches will be used
+    access_control:
+        - { path: ^/(login|logout), roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/public, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/wopi, roles: IS_AUTHENTICATED_FULLY }
+        # access for homepage, the homepage redirect admin to admin section
+        - { path: ^/$, roles: [ IS_AUTHENTICATED_REMEMBERED ] }
+        - { path: ^/homepage$, roles: [ IS_AUTHENTICATED_REMEMBERED ] }
+        # idem
+        - { path: ^/([a-z]+/)?homepage, roles: [ IS_AUTHENTICATED_REMEMBERED ] }
+        # admin section, only for admin
+        - { path: ^/([a-z]+/)?admin, roles: ROLE_ADMIN }
+        # other pages, only for regular user (no admin)
+        - { path: ^/, roles: ROLE_USER }