From ad8267bd375c3050dabfb1a7fa5b58d04494aee9 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Fri, 21 Jun 2013 09:30:19 +0200 Subject: [PATCH 1/8] Fixed formatting issue --- book/security.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/security.rst b/book/security.rst index cb583031a90..c58d763f41e 100644 --- a/book/security.rst +++ b/book/security.rst @@ -415,7 +415,7 @@ submission (i.e. ``/login_check``): ``check_path`` ``logout`` keys. These keys can be route names (as shown in this example) or URLs that have routes configured for them. -Notice that the name of the ``login`` route matches the``login_path`` config +Notice that the name of the ``login`` route matches the ``login_path`` config value, as that's where the security system will redirect users that need to login. From 239a6e9f03fc6328f8aa1e24619b7304e9652b71 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Fri, 21 Jun 2013 09:30:44 +0200 Subject: [PATCH 2/8] Changed link to docs instead of code --- book/security.rst | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/book/security.rst b/book/security.rst index c58d763f41e..7f60d0b53da 100644 --- a/book/security.rst +++ b/book/security.rst @@ -25,8 +25,8 @@ application with HTTP Basic authentication. .. note:: - `Symfony's security component`_ is available as a standalone PHP library - for use inside any PHP project. + :doc:`Symfony's security component ` is + available as a standalone PHP library for use inside any PHP project. Basic Example: HTTP Authentication ---------------------------------- 
@@ -2040,7 +2040,6 @@ Learn more from the Cookbook * :doc:`Access Control Lists (ACLs) ` * :doc:`/cookbook/security/remember_me` -.. _`Symfony's security component`: https://github.com/symfony/Security .. _`JMSSecurityExtraBundle`: http://jmsyst.com/bundles/JMSSecurityExtraBundle/1.2 .. _`FOSUserBundle`: https://github.com/FriendsOfSymfony/FOSUserBundle .. _`implement the \Serializable interface`: http://php.net/manual/en/class.serializable.php From b377ecf292492fc6415ff67f452481b4055fdbd0 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Fri, 21 Jun 2013 09:30:52 +0200 Subject: [PATCH 3/8] Removed repeating text --- book/security.rst | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/book/security.rst b/book/security.rst index 7f60d0b53da..e80d3b307ba 100644 --- a/book/security.rst +++ b/book/security.rst @@ -674,14 +674,11 @@ see :doc:`/cookbook/security/form_login`. Authorization ------------- -The first step in security is always authentication: the process of verifying -who the user is. With Symfony, authentication can be done in any way - via -a form login, basic HTTP Authentication, or even via Facebook. - -Once the user has been authenticated, authorization begins. Authorization -provides a standard and powerful way to decide if a user can access any resource -(a URL, a model object, a method call, ...). This works by assigning specific -roles to each user, and then requiring different roles for different resources. +The first step in security is always authentication. Once the user has been +authenticated, authorization begins. Authorization provides a standard and +powerful way to decide if a user can access any resource (a URL, a model +object, a method call, ...). This works by assigning specific roles to each +user, and then requiring different roles for different resources. The process of authorization has two different sides: From 42cbad26dd8b96c73be2c4d5d1f41f64b74835b8 Mon Sep 17 00:00:00 2001 
From: WouterJ Date: Fri, 21 Jun 2013 14:53:16 +0200 Subject: [PATCH 4/8] Removed "see section X" caution Section is the next section after the caution, just 100px below --- book/security.rst | 6 ------ 1 file changed, 6 deletions(-) diff --git a/book/security.rst b/book/security.rst index e80d3b307ba..8f921058a6f 100644 --- a/book/security.rst +++ b/book/security.rst @@ -697,12 +697,6 @@ URL pattern. You've seen this already in the first example of this chapter, where anything matching the regular expression pattern ``^/admin`` requires the ``ROLE_ADMIN`` role. -.. caution:: - - Understanding exactly how ``access_control`` works is **very** important - to make sure your application is properly secured. See :ref:`security-book-access-control-explanation` - below for detailed information. - You can define as many URL patterns as you need - each is a regular expression. .. configuration-block:: From c58d1be6954f0831969a851c39da8bdf2624b579 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Sun, 23 Jun 2013 12:53:10 +0200 Subject: [PATCH 5/8] Improved list --- book/security.rst | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/book/security.rst b/book/security.rst index 8f921058a6f..ae0bfd02e57 100644 --- a/book/security.rst +++ b/book/security.rst 
@@ -748,12 +748,15 @@ to find *one* that matches the current request. As soon as it finds a matching is used to enforce access. Each ``access_control`` has several options that configure two different -things: (a) :ref:`should the incoming request match this access control entry` -and (b) :ref:`once it matches, should some sort of access restriction be enforced`: +things: + +* :ref:`should the incoming request match this access control entry` +* :ref:`once it matches, should some sort of access restriction be enforced`: .. _security-book-access-control-matching-options: -**(a) Matching Options** +Matching Options +................ Symfony2 creates an instance of :class:`Symfony\\Component\\HttpFoundation\\RequestMatcher` for each ``access_control`` entry, which determines whether or not a given @@ -833,7 +836,8 @@ will match any ``ip``, ``host`` or ``method``: .. _security-book-access-control-enforcement-options: -**(b) Access Enforcement** +Access Enforcement +.................. Once Symfony2 has decided which ``access_control`` entry matches (if any), it then *enforces* access restrictions based on the ``roles`` and ``requires_channel`` From a79617b210b4908850e4e90cc8806fba9ef00650 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Sun, 23 Jun 2013 12:53:21 +0200 Subject: [PATCH 6/8] Improved code readability --- book/security.rst | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/book/security.rst b/book/security.rst index ae0bfd02e57..6398dbaf471 100644 --- a/book/security.rst +++ b/book/security.rst @@ -1180,7 +1180,9 @@ class: security: providers: main: - entity: { class: Acme\UserBundle\Entity\User, property: username } + entity: + class: Acme\UserBundle\Entity\User + property: username .. code-block:: xml 
@@ -1197,7 +1199,10 @@ class: $container->loadFromExtension('security', array( 'providers' => array( 'main' => array( - 'entity' => array('class' => 'Acme\UserBundle\Entity\User', 'property' => 'username'), + 'entity' => array( + 'class' => 'Acme\UserBundle\Entity\User', + 'property' => 'username', + ), ), ), )); From b3cc1ed31d93089f763ae3f517061dcce6e57363 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Sat, 29 Jun 2013 20:35:48 +0200 Subject: [PATCH 7/8] Moved caution directive to not break colon --- book/security.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/book/security.rst b/book/security.rst index 6398dbaf471..7cde88c9297 100644 --- a/book/security.rst +++ b/book/security.rst @@ -1705,11 +1705,6 @@ Note that you will *not* need to implement a controller for the ``/logout`` URL as the firewall takes care of everything. You *do*, however, need to create a route so that you can use it to generate the URL: -.. caution:: - - As of Symfony 2.1, you *must* have a route that corresponds to your logout - path. Without this route, logging out will not work. - .. configuration-block:: .. code-block:: yaml @@ -1742,6 +1737,11 @@ a route so that you can use it to generate the URL: return $collection; +.. caution:: + + As of Symfony 2.1, you *must* have a route that corresponds to your logout + path. Without this route, logging out will not work. + Once the user has been logged out, he will be redirected to whatever path is defined by the ``target`` parameter above (e.g. the ``homepage``). For more information on configuring the logout, see the From 75fdf55bf0a28664e61bf388b0cac3b656c83541 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Sat, 29 Jun 2013 20:36:23 +0200 Subject: [PATCH 8/8] Do not break twig syntax --- book/security.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/security.rst b/book/security.rst index 7cde88c9297..148d390036f 100644 --- a/book/security.rst +++ b/book/security.rst 
@@ -1861,7 +1861,7 @@ to show a link to exit impersonation: .. code-block:: html+jinja {% if is_granted('ROLE_PREVIOUS_ADMIN') %} - Exit impersonation + Exit impersonation {% endif %} .. code-block:: html+php
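Review bot: In PATCH 2/8, second hunk (``@@ -2040,7 +2040,6 @@``), deleting the ``.. _`Symfony's security component`:`` target is only safe if nothing else in ``book/security.rst`` still uses it. This patch converts only the reference in the note near line 25. Please confirm no other reference to that target remains in the file before dropping the definition, since a leftover one would no longer resolve when the docs are built.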
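Review bot: In PATCH 3/8 (``@@ -674,14 +674,11 @@``), the new opening sentence "The first step in security is always authentication." no longer says what authentication is. The removed text defined it as "the process of verifying who the user is", and the rest of this paragraph contrasts authorization against it. Suggest keeping that short definition and dropping only the sentence that lists form login, basic HTTP Authentication and Facebook, which is the part that actually repeats earlier text.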
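Review bot: In PATCH 4/8 (``@@ -697,12 +697,6 @@``), the removed caution held more than the cross-reference. Its first sentence warns that understanding exactly how ``access_control`` works is **very** important to make sure the application is properly secured, and the commit message only justifies dropping the "See ... below" pointer. Suggest keeping the warning sentence (as a caution or in the surrounding prose) and removing just the ``:ref:`` sentence, so that readers who copy the ``^/admin`` pattern are still told that the matching rules matter.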
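Review bot: In PATCH 5/8, first hunk (``@@ -748,12 +748,15 @@``), the second bullet still ends with the colon that closed the old inline sentence (``...access restriction be enforced`:``), while the introducing line now ends with its own colon ("things:"). Drop the trailing colon on the bullet. The bullets also lose the "(a)" and "(b)" markers, which matches the renamed headings in the second hunk, but please check that no later paragraph still refers to "(a)" or "(b)".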
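Review bot: In PATCH 7/8, second hunk (``@@ -1742,6 +1737,11 @@``), the caution now comes after the whole routing example, so the hard requirement ("Without this route, logging out will not work") is read only after the reader has passed the block it applies to. The lead-in before the block already says "You *do*, however, need to create a route so that you can use it to generate the URL:", so the caution partly repeats it. Consider folding the Symfony 2.1 requirement into that lead-in sentence, which keeps the colon intact and states the requirement before the example rather than after it.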