security: # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers role_hierarchy: ROLE_USER: [ROLE_SONATA_BLOCK_ADMIN_CONTRACT_VIEW,ROLE_SONATA_BLOCK_ADMIN_CONTRACT_GUEST ] ROLE_ADMIN: - ROLE_USER - ROLE_SONATA_ADMIN ROLE_EDITOR: - ROLE_ADMIN - ROLE_ADMIN_USER_ALL - ROLE_ADMIN_CALENDAR_VIEW - ROLE_SONATA_USER_ADMIN_USER_ALL - ROLE_SONATA_USER_ADMIN_GROUP_ALL - ROLE_ADMIN_PROCESOS_ALL - ROLE_TAREAS_ALL - ROLE_PRECONDITION_ADMIN_ALL - ROLE_ADMIN_POSTCONDITION_ALL - ROLE_ADMIN_PRECONDITION_ALL - ROLE_ADMIN_REALIZAR_TAREA_EDIT - ROLE_ADMIN_REALIZAR_TAREA_DELETE - ROLE_RULES_ADMIN_ALL - ROLE_SONATA_USER_ADMIN_USER_ALL - ROLE_SONATA_USER_ADMIN_GROUP_ALL - ROLE_POSTCONDITION_ADMIN_ALL - ROLE_ADMIN_PREGUNTAS_ALL - ROLE_ADMIN_TAREA_ALL - ROLE_APP\ADMIN\TAREAADMIN_ALL - ROLE_ADMIN_TEMPLATE_ALL - ROLE_ADMIN_RECURSOTOTAREA_ALL - ROLE_APP\ADMIN\RECURSOTOTAREAADMIN_ALL - ROLE_APP\ADMIN\TEMPLATEADMIN_ALL - ROLE_APP\ADMIN\COMPONENTADMIN_ALL - ROLE_APP\ADMIN\EXTERNALADMIN_ALL - ROLE_ADMIN_COMPONENT_ALL - ROLE_ADMIN_FORM_COMPONENT_ALL - ROLE_ADMIN_FORMCOMPONENT_ALL - ROLE_ADMIN_EXTERNAL_ALL - ROLE_ADMIN_TIPO_PREGUNTA_ALL - ROLE_APP\ADMIN\TIPOPREGUNTAADMIN_ALL - ROLE_ADMIN_TIPOS_RECURSOS_ALL - ROLE_APP\ADMIN\TIPOSRECURSOSADMIN_ALL - ROLE_ADMIN_RECURSOS_ALL - ROLE_APP\ADMIN\RECURSOSADMIN_ALL - ROLE_ADMIN_SECCIONES_TAREA_ALL - ROLE_ADMIN_CALENDAR_LIST - ROLE_ADMIN_MAILLOGGER_ALL - ROLE_APP\ADMIN\RECURSOTOTAREAADMIN_ALL # - ROLE_APP\ADMIN\CONTACTOGREENENTERPRENEURADMIN_ALL # - ROLE_ADMIN_CONTACTOGREENENTERPRENEUR_ALL - ROLE_APP\ADMIN\DOCUMENTOSADMIN_ALL - ROLE_ADMIN_DOCUMENTOS_ALL - ROLE_APP\ADMIN\PROCESOGREENENTERPRENEURADMIN_ALL - ROLE_ADMIN_PROCESO_GREEN_ENTERPRENEUR_ALL - ROLE_APP\ADMIN\PROCESOS_COMENTAR_ALL - ROLE_ADMIN_PROCESOS_COMENTAR_ALL - ROLE_APP\ADMIN\TASKBUILDER_ALL - ROLE_ADMIN_TASKBUILDER_ALL - ROLE_ADMIN_ENCUESTA_ALL - ROLE_APP\ADMIN\USERADMIN_ALL - ROLE_APP\ADMIN\MAILLOGGERADMIN_ALL - ROLE_APP_ADMIN_GREENENTREPRENEUR_ALL - ROLE_APP_ADMIN_TRAINER_ALL - ROLE_ADMIN_RESPUESTAS_ALL - ROLE_ADMIN_RESPUESTAS_HISTORICAS_ALL - ROLE_ADMIN_INDICADOR_ALL - ROLE_ADMIN_SECTOR_ALL - ROLE_ADMIN_BUSSINESS_STAGE_ALL - ROLE_ADMIN_CONVOCATORIA_ALL - ROLE_ADMIN_NEWS_ALL - ROLE_ADMIN_WORKSHOP_ALL - ROLE_ADMIN_CONTADOR_ALL - ROLE_ADMIN_BOOKMARKS_ALL - ROLE_ALLOWED_TO_SWITCH ROLE_VISOR: - ROLE_ADMIN - ROLE_ADMIN_USER_LIST - ROLE_ADMIN_USER_VIEW - ROLE_ADMIN_CALENDAR_VIEW - ROLE_SONATA_USER_ADMIN_USER_LIST - ROLE_SONATA_USER_ADMIN_USER_VIEW - ROLE_SONATA_USER_ADMIN_GROUP_LIST - ROLE_SONATA_USER_ADMIN_GROUP_VIEW - ROLE_ADMIN_PROCESOS_LIST - ROLE_ADMIN_PROCESOS_VIEW - ROLE_TAREAS_LIST - ROLE_TAREAS_VIEW - ROLE_PRECONDITION_ADMIN_LIST - ROLE_PRECONDITION_ADMIN_VIEW - ROLE_ADMIN_POSTCONDITION_LIST - ROLE_ADMIN_POSTCONDITION_VIEW - ROLE_ADMIN_PRECONDITION_LIST - ROLE_ADMIN_PRECONDITION_VIEW - ROLE_ADMIN_REALIZAR_TAREA_LIST - ROLE_ADMIN_REALIZAR_TAREA_VIEW - ROLE_RULES_ADMIN_LIST - ROLE_RULES_ADMIN_VIEW - ROLE_SONATA_USER_ADMIN_USER_LIST - ROLE_SONATA_USER_ADMIN_USER_VIEW - ROLE_SONATA_USER_ADMIN_GROUP_LIST - ROLE_SONATA_USER_ADMIN_GROUP_VIEW - ROLE_ADMIN_PREGUNTAS_LIST - ROLE_ADMIN_PREGUNTAS_VIEW - ROLE_ADMIN_TAREA_LIST - ROLE_ADMIN_TAREA_VIEW - ROLE_ADMIN_TEMPLATE_LIST - ROLE_ADMIN_TEMPLATE_VIEW - ROLE_ADMIN_RECURSOTOTAREA_LIST - ROLE_ADMIN_RECURSOTOTAREA_VIEW - ROLE_ADMIN_COMPONENT_LIST - ROLE_ADMIN_COMPONENT_VIEW - ROLE_ADMIN_FORM_COMPONENT_LIST - ROLE_ADMIN_FORM_COMPONENT_VIEW - ROLE_ADMIN_FORMCOMPONENT_LIST - ROLE_ADMIN_FORMCOMPONENT_VIEW - ROLE_ADMIN_EXTERNAL_LIST - ROLE_ADMIN_EXTERNAL_VIEW - ROLE_ADMIN_TIPO_PREGUNTA_LIST - ROLE_ADMIN_TIPO_PREGUNTA_VIEW - ROLE_APP\ADMIN\TIPOPREGUNTAADMIN_LIST - ROLE_APP\ADMIN\TIPOPREGUNTAADMIN_VIEW - ROLE_ADMIN_TIPOS_RECURSOS_LIST - ROLE_ADMIN_TIPOS_RECURSOS_VIEW - ROLE_APP\ADMIN\TIPOSRECURSOSADMIN_LIST - ROLE_APP\ADMIN\TIPOSRECURSOSADMIN_VIEW - ROLE_ADMIN_RECURSOS_LIST - ROLE_ADMIN_RECURSOS_VIEW - ROLE_APP\ADMIN\RECURSOSADMIN_LIST - ROLE_APP\ADMIN\RECURSOSADMIN_VIEW - ROLE_ADMIN_SECCIONES_TAREA_LIST - ROLE_ADMIN_SECCIONES_TAREA_VIEW - ROLE_ADMIN_CALENDAR_LIST - ROLE_ADMIN_MAILLOGGER_LIST - ROLE_ADMIN_MAILLOGGER_VIEW - ROLE_APP\ADMIN\RECURSOTOTAREAADMIN_LIST - ROLE_APP\ADMIN\RECURSOTOTAREAADMIN_VIEW - ROLE_APP\ADMIN\DOCUMENTOSADMIN_LIST - ROLE_APP\ADMIN\DOCUMENTOSADMIN_VIEW - ROLE_ADMIN_DOCUMENTOS_LIST - ROLE_ADMIN_DOCUMENTOS_VIEW - ROLE_APP\ADMIN\PROCESOGREENENTERPRENEURADMIN_LIST - ROLE_APP\ADMIN\PROCESOGREENENTERPRENEURADMIN_VIEW - ROLE_ADMIN_PROCESO_GREEN_ENTERPRENEUR_LIST - ROLE_ADMIN_PROCESO_GREEN_ENTERPRENEUR_VIEW - ROLE_APP\ADMIN\PROCESOS_COMENTAR_LIST - ROLE_APP\ADMIN\PROCESOS_COMENTAR_VIEW - ROLE_ADMIN_PROCESOS_COMENTAR_VIEW - ROLE_ADMIN_PROCESOS_COMENTAR_LIST - ROLE_APP\ADMIN\USERADMIN_LIST - ROLE_APP\ADMIN\USERADMIN_VIEW - ROLE_APP_ADMIN_GREENENTREPRENEUR_LIST - ROLE_APP_ADMIN_GREENENTREPRENEUR_VIEW - ROLE_APP_ADMIN_TRAINER_LIST - ROLE_APP_ADMIN_TRAINER_VIEW - ROLE_ADMIN_RESPUESTAS_VIEW - ROLE_ADMIN_RESPUESTAS_LIST - ROLE_ADMIN_RESPUESTAS_HISTORICAS_LIST - ROLE_ADMIN_RESPUESTAS_HISTORICAS_VIEW - ROLE_ADMIN_INDICADOR_LIST - ROLE_ADMIN_INDICADOR_VIEW - ROLE_ADMIN_SECTOR_LIST - ROLE_ADMIN_SECTOR_VIEW - ROLE_ADMIN_BUSSINESS_STAGE_LIST - ROLE_ADMIN_BUSSINESS_STAGE_VIEW - ROLE_ADMIN_CONVOCATORIA_LIST - ROLE_ADMIN_CONVOCATORIA_VIEW - ROLE_ADMIN_NEWS_LIST - ROLE_ADMIN_NEWS_VIEW - ROLE_ADMIN_WORKSHOP_LIST - ROLE_ADMIN_WORKSHOP_VIEW - ROLE_ADMIN_CONTADOR_LIST - ROLE_ADMIN_CONTADOR_VIEW - ROLE_ADMIN_BOOKMARKS_LIST - ROLE_ADMIN_BOOKMARKS_VIEW - ROLE_ADMIN_GREENENTREPRENEUR_VIEW - ROLE_APP_ADMIN_GREENENTREPRENEUR_VIEW - ROLE_ADMIN_GREENENTREPRENEUR_LIST - ROLE_APP_ADMIN_GREENENTREPRENEUR_LIST - ROLE_APP_ADMIN_GREENENTREPRENEURADMIN_LIST - ROLE_APP_ADMIN_GREENENTREPRENEURADMIN_VIEW - ROLE_ADMIN_GREEN_ENTREPRENEUR_LIST - ROLE_ADMIN_GREEN_ENTREPRENEUR_VIEW - ROLE_APP_ADMIN_TRAINER_LIST - ROLE_APP_ADMIN_TRAINER_VIEW - ROLE_APP_ADMIN_BSO_LIST - ROLE_APP_ADMIN_BSO_VIEW - ROLE_APP_ADMIN_FINANCIAL_ACTOR_LIST - ROLE_APP_ADMIN_FINANCIAL_ACTOR_VIEW - ROLE_ADMIN_ENCUESTA_LIST - ROLE_ADMIN_ENCUESTA_VIEW - ROLE_ADMIN_FORMULARIO_LIST - ROLE_ADMIN_FORMULARIO_VIEW - ROLE_ADMIN_TRAINER_LIST - ROLE_ADMIN_TRAINER_VIEW - ROLE_ADMIN_BSO_LIST - ROLE_ADMIN_BSO_VIEW - ROLE_ADMIN_FINANCIAL_ACTOR_LIST - ROLE_ADMIN_FINANCIAL_ACTOR_VIEW - ROLE_APP\ADMIN\BSO_LIST - ROLE_APP\ADMIN\BSO_VIEW ROLE_GREENENTERPRENEUR: - ROLE_ADMIN - ROLE_ADMIN_PROCESOS_LIST - ROLE_ADMIN_CALENDAR_EDIT - ROLE_ADMIN_USER_VIEW - ROLE_ADMIN_USER_EDIT - ROLE_ADMIN_PROCESO_TAREA_ALL - ROLE_SONATA_USER_ADMIN_USER_EDIT - ROLE_SONATA_USER_ADMIN_USER_VIEW - ROLE_APP_ADMIN_USERADMIN_EDIT - ROLE_APP_ADMIN_USERADMIN_VIEW - ROLE_ADMIN_GREENENTREPRENEUR_VIEW - ROLE_APP_ADMIN_GREENENTREPRENEUR_VIEW - ROLE_ADMIN_GREENENTREPRENEUR_EDIT - ROLE_APP_ADMIN_GREENENTREPRENEUR_EDIT - ROLE_APP_ADMIN_GREENENTREPRENEURADMIN_EDIT - ROLE_APP_ADMIN_GREENENTREPRENEURADMIN_VIEW - ROLE_ADMIN_GREEN_ENTREPRENEUR_EDIT - ROLE_ADMIN_GREEN_ENTREPRENEUR_VIEW - ROLE_ADMIN_PROCESO_TAREA_ALL # - ROLE_ADMIN_CALENDAR_LIST # - ROLE_APP\ADMIN\CONTACTOGREENENTERPRENEURADMIN_ALL # - ROLE_ADMIN_CONTACTOGREENENTERPRENEUR_ALL - ROLE_APP\ADMIN\DOCUMENTOSADMIN_ALL - ROLE_ADMIN_CALENDAR_LIST - ROLE_APP_ADMIN_DOCUMENTOSADMIN_ALL - ROLE_ADMIN_DOCUMENTOS_ALL - ROLE_APP\ADMIN\PROCESOS_COMENTAR_ALL - ROLE_ADMIN_PROCESOS_COMENTAR_ALL - ROLE_APP_ADMIN_PROCESOS_COMENTAR - ROLE_ADMIN_CONTACT_ALL - ROLE_ADMIN_CONVOCATORIA_LIST - ROLE_ADMIN_CONVOCATORIA_INSCRIBIRSE - ROLE_ADMIN_SALA_ALL ROLE_BSO: - ROLE_ADMIN - ROLE_USER - ROLE_ADMIN_USER_VIEW - ROLE_ADMIN_USER_LIST - ROLE_SONATA_ADMIN - ROLE_ADMIN_NEWS_ALL - ROLE_ADMIN_CONVOCATORIA_ALL # - ROLE_ADMIN_TRAINER_ALL - ROLE_ADMIN_GREEN_ENTREPRENEUR_VIEW - ROLE_ADMIN_GREEN_ENTREPRENEUR_LIST - ROLE_ADMIN_USER_VIEW - ROLE_ADMIN_USER_EDIT - ROLE_ADMIN_BSO_VIEW - ROLE_ADMIN_BSO_EDIT - ROLE_NEWS_LIST # - ROLE_ADMIN_CALENDAR_LIST # - ROLE_APP\ADMIN\CONTACTOGREENENTERPRENEURADMIN_ALL # - ROLE_ADMIN_CONTACTOGREENENTERPRENEUR_ALL - ROLE_APP\ADMIN\DOCUMENTOSADMIN_ALL - ROLE_ADMIN_DOCUMENTOS_ALL - ROLE_ADMIN_CONTACT_ALL - ROLE_ADMIN_CONTACTOTRAINER_ALL - ROLE_ADMIN_WORKSHOP_ALL - ROLE_ADMIN_INSCRIPCION_LIST - ROLE_ADMIN_INSCRIPCION_EXPORT - ROLE_ADMIN_ENCUESTA_ALL - ROLE_ADMIN_FORMULARIO_ALL - ROLE_ADMIN_PREGUNTASFORMULARIO_ALL - ROLE_ADMIN_TEMPLATE_ALL - ROLE_ADMIN_RESPUESTAS_FORMULARIO_ALL - ROLE_ADMIN_TRAINER_VIEW - ROLE_ADMIN_TRAINER_LIST - ROLE_ADMIN_SALA_ALL - ROLE_APP_ADMIN_USERADMIN_VIEW ROLE_TRAINER: - ROLE_ADMIN - ROLE_ADMIN_USER_VIEW - ROLE_ADMIN_USER_EDIT - ROLE_ADMIN_GREEN_ENTREPRENEUR_LIST - ROLE_ADMIN_GREEN_ENTREPRENEUR_VIEW - ROLE_ADMIN_CONTACT_ALL - ROLE_ADMIN_COMENTARIOS_ALL - ROLE_ADMIN_RESPUESTAS_ALL - ROLE_ADMIN_RESPUESTAS_HISTORICAS_ALL - ROLE_ADMIN_PROCESOS_LIST - ROLE_ADMIN_USER_VIEW - ROLE_ADMIN_USER_EDIT - ROLE_SONATA_USER_ADMIN_USER_LIST - ROLE_SONATA_USER_ADMIN_USER_VIEW - ROLE_ADMIN_TRAINER_VIEW - ROLE_APP_ADMIN_TRAINER_VIEW - ROLE_ADMIN_TRAINER_EDIT - ROLE_APP_ADMIN_TRAINER_EDIT - ROLE_ADMIN_CALENDAR_LIST # - ROLE_APP\ADMIN\CONTACTOGREENENTERPRENEURADMIN_ALL # - ROLE_ADMIN_CONTACTOGREENENTERPRENEUR_ALL - ROLE_APP\ADMIN\DOCUMENTOSADMIN_ALL - ROLE_ADMIN_DOCUMENTOS_ALL - ROLE_APP\ADMIN\PROCESOS_COMENTAR_LIST - ROLE_ADMIN_PROCESOS_COMENTAR_LIST - ROLE_ADMIN_REALIZAR_TAREA_VIEW - ROLE_ADMIN_PROCESOS_COMENTAR_ALL - ROLE_ADMIN_SALA_ALL - ROLE_APP_ADMIN_USERADMIN_LIST - ROLE_APP_ADMIN_USERADMIN_VIEW ROLE_FINANCIALACTOR: - ROLE_ADMIN - ROLE_ADMIN_GREEN_ENTREPRENEUR_VIEW - ROLE_ADMIN_GREEN_ENTREPRENEUR_LIST - ROLE_ADMIN_CONTACT_ALL - ROLE_ADMIN_NEWS_VIEW - ROLE_ADMIN_FINANCIAL_ACTOR_EDIT - ROLE_ADMIN_FINANCIAL_ACTOR_VIEW ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH, ROLE_EDITOR] SONATA: - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are using acl then this line must be commented access_decision_manager: strategy: unanimous allow_if_all_abstain: false encoders: FOS\UserBundle\Model\UserInterface: sha512 providers: fos_userbundle: id: fos_user.user_provider.username_email firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false # user: # pattern: ^/user(.*) # form_login: # provider: fos_userbundle # login_path: /user/login # use_forward: false # check_path: /user/login_check # failure_path: /user/login # success_handler: admin_success_handler # # default_target_path: /user/dashboard # # always_use_default_target_path: true # logout: # path: /user/logout # target: /user/login # anonymous: true admin: pattern: ^/(%app_locales%)/admin(.*) context: user switch_user: { role: ROLE_EDITOR } remember_me: secret: '%kernel.secret%' lifetime: 604800 # 1 week in seconds path: / form_login: provider: fos_userbundle login_path: fos_user_security_login use_forward: false check_path: fos_user_security_check failure_path: fos_user_security_login default_target_path: /%locale%/admin/dashboard always_use_default_target_path: true success_handler: admin_success_handler logout: path: fos_user_security_logout target: fos_user_security_login anonymous: true main: pattern: .* anonymous: true # oauth_token: # pattern: ^/oauth/v2/token # security: false # oauth_authorize: # pattern: ^/oauth/v2/auth # form_login: # provider: fos_userbundle # check_path: /oauth/v2/auth_login_check # login_path: /oauth/v2/auth_login # use_referer: true api: pattern: ^/%locale%/api anonymous: true access_control: # ELfinder securing paths - { path: ^/(%app_locales%)/admin/elfinder.main.js$, role: ROLE_USER } - { path: ^/(%app_locales%)/admin/elfinder/*, role: ROLE_EDITOR } - { path: ^/(%app_locales%)/admin/elfinder/news, role: ROLE_BSO } - { path: ^/(%app_locales%)/admin/elfinder/convocatoria, role: ROLE_BSO } - { path: ^/(%app_locales%)/admin/elfinder/*, roles: [ROLE_SUPER_ADMIN, ROLE_EDITOR] } # The WDT has to be allowed to anonymous users to avoid requiring the login with the AJAX request - { path: ^/wdt/, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/profiler/, role: IS_AUTHENTICATED_ANONYMOUSLY } # AsseticBundle paths used when using the controller for assets - { path: ^/%locale%/js/, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/%locale%/css/, role: IS_AUTHENTICATED_ANONYMOUSLY } # - { path: ^/user/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } # - { path: ^/user/register, role: IS_AUTHENTICATED_ANONYMOUSLY } # - { path: ^/user/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY } # - { path: ^/user/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY } # - { path: ^/user/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } # URL of FOSUserBundle which need to be available to anonymous users # Admin login page needs to be accessed without credential - { path: ^/(%app_locales%)/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/(%app_locales%)/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/(%app_locales%)/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/(%app_locales%)/admin/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } #API routes # - { path: ^/api, roles: IS_AUTHENTICATED_FULLY} # - { path: ^/createClient, roles: IS_AUTHENTICATED_ANONYMOUSLY} # Secured part of the site # This config requires being logged for the whole site and having the admin role for the admin part. # Change these rules to adapt them to your needs # for screenshots disable authentication on admin # - { path: ^/admin/, role: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/(%app_locales%)/admin/, role: ROLE_ADMIN } - { path: ^/(%app_locales%)/register, role: ROLE_ADMIN } # - { path: ^/user/, role: ROLE_USER } # - { path: ^/user/, role: ROLE_USER } - { path: ^/(%app_locales%)/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }