Skip to content

Commit 036cb66

Browse files
TristanPouliquenTristanPouliquen
committed
Merge with existing config code block
1 parent ca5c684 commit 036cb66

File tree

1 file changed

+16
-48
lines changed

1 file changed

+16
-48
lines changed

security/access_control.rst

Lines changed: 16 additions & 48 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,9 @@ Take the following ``access_control`` entries as an example:
5252
- { path: '^/admin', roles: ROLE_USER_IP, ips: '%env(TRUSTED_IPS)%' }
5353
- { path: '^/admin', roles: ROLE_USER_IP, ips: [127.0.0.1, ::1, '%env(TRUSTED_IPS)%'] }
5454
55+
# Request matchers can be used to define access control rules
56+
- { roles: ROLE_USER, request_matcher: App\Security\RequestMatcher\MyRequestMatcher }
57+
5558
.. code-block:: xml
5659
5760
<!-- config/packages/security.xml -->
@@ -82,6 +85,9 @@ Take the following ``access_control`` entries as an example:
8285
<ip>::1</ip>
8386
<ip>%env(TRUSTED_IPS)%</ip>
8487
</rule>
88+
89+
<!-- Request matchers can be used to define access control rules -->
90+
<rule role="ROLE_USER" request-matcher="App\Security\RequestMatcher\MyRequestMatcher"/>
8591
</config>
8692
</srv:container>
8793
@@ -127,8 +133,18 @@ Take the following ``access_control`` entries as an example:
127133
->roles(['ROLE_USER_IP'])
128134
->ips(['127.0.0.1', '::1', '%env(TRUSTED_IPS)%'])
129135
;
136+
137+
// Request matchers can be used to define access control rules
138+
$security->accessControl()
139+
->roles(['ROLE_USER'])
140+
->requestMatcher('App\Security\RequestMatcher\MyRequestMatcher')
141+
;
130142
};
131143
144+
.. versionadded:: 6.1
145+
146+
Support for access control rule definition based on a RequestMatcher was introduced in Symfony 6.1.
147+
132148
For each incoming request, Symfony will decide which ``access_control``
133149
to use based on the URI, the client's IP address, the incoming host name,
134150
and the request method. Remember, the first rule that matches is used, and
@@ -165,54 +181,6 @@ if ``ip``, ``port``, ``host`` or ``method`` are not specified for an entry, that
165181
Matching the URI is done without ``$_GET`` parameters.
166182
:ref:`Deny access in PHP code <security-securing-controller>` if you want
167183
to disallow access based on ``$_GET`` parameter values.
168-
169-
.. versionadded:: 6.1
170-
171-
From verison 6.1 and up, if you have a custom request matcher, you can use the ``request_matcher`` option to specify the service reference to an access control item. Symfony will use this service as the request matcher for this item and won't take into account other matching options.
172-
173-
.. configuration-block::
174-
175-
.. code-block:: yaml
176-
177-
# config/packages/security.yaml
178-
security:
179-
# ...
180-
access_control:
181-
- { roles: ROLE_USER, request_matcher: App\Security\RequestMatcher\MyRequestMatcher }
182-
183-
.. code-block:: xml
184-
185-
<!-- config/packages/security.xml -->
186-
<?xml version="1.0" encoding="UTF-8" ?>
187-
<srv:container xmlns="http://symfony.com/schema/dic/security"
188-
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
189-
xmlns:srv="http://symfony.com/schema/dic/services"
190-
xsi:schemaLocation="http://symfony.com/schema/dic/services
191-
https://symfony.com/schema/dic/services/services-1.0.xsd
192-
http://symfony.com/schema/dic/security
193-
https://symfony.com/schema/dic/security/security-1.0.xsd">
194-
195-
<config>
196-
<!-- ... -->
197-
<rule role="ROLE_USER" request-matcher="App\Security\RequestMatcher\MyRequestMatcher"/>
198-
</config>
199-
</srv:container>
200-
201-
.. code-block:: php
202-
203-
// config/packages/security.php
204-
use Symfony\Component\DependencyInjection\ContainerBuilder;
205-
use Symfony\Config\SecurityConfig;
206-
207-
return static function (ContainerBuilder $container, SecurityConfig $security) {
208-
// ...
209-
210-
$security->accessControl()
211-
->roles(['ROLE_USER'])
212-
->requestMatcher('App\Security\RequestMatcher\MyRequestMatcher')
213-
;
214-
};
215-
216184

217185
.. _security-access-control-enforcement-options:
218186

0 commit comments

Comments
 (0)