Merge branch '2.0' into 2.1

Author: weaverryan

book/installation.rst

@@ -214,13 +214,29 @@ If there are any issues, correct them now before moving on.
     must be writable both by the web server and the command line user. On
     a UNIX system, if your web server user is different from your command
     line user, you can run the following commands just once in your project
-    to ensure that permissions will be setup properly. Change ``www-data``
-    to your web server user:
+    to ensure that permissions will be setup properly.
+
+    **Note that not all web servers run as the user** ``www-data`` as in the examples
+    below. Instead, check which user *your* web server is being run as and
+    use it place of ``www-data``.
+
+    On a UNIX system, this can be done with one of the following commands:
+
+    .. code-block:: bash
+    
+        $ ps aux | grep httpd
+
+    or
+
+    .. code-block:: bash
+
+        $ ps aux | grep apache
 
     **1. Using ACL on a system that supports chmod +a**
 
     Many systems allow you to use the ``chmod +a`` command. Try this first,
-    and if you get an error - try the next method:
+    and if you get an error - try the next method. Be sure to replace ``www-data``
+    with your web server user on the first ``chmod`` command:
 
     .. code-block:: bash
 
@@ -229,7 +245,7 @@ If there are any issues, correct them now before moving on.
 
         $ sudo chmod +a "www-data allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
         $ sudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
-
+    
     **2. Using Acl on a system that does not support chmod +a**
 
     Some systems don't support ``chmod +a``, but do support another utility
@@ -242,11 +258,6 @@ If there are any issues, correct them now before moving on.
         $ sudo setfacl -R -m u:www-data:rwx -m u:`whoami`:rwx app/cache app/logs
         $ sudo setfacl -dR -m u:www-data:rwx -m u:`whoami`:rwx app/cache app/logs
 
-    Note that not all web servers run as the user ``www-data``. You have to
-    check which user the web server is being run as and put it in for ``www-data``.
-    This can be done by checking your process list to see which user is running
-    your web server processes.
-
     **3. Without using ACL**
 
     If you don't have access to changing the ACL of the directories, you will

book/security.rst

@@ -780,27 +780,27 @@ Take the following ``access_control`` entries as an example:
         security:
             # ...
             access_control:
-                - { path: ^/user, roles: ROLE_USER_IP, ip: 127.0.0.1 }
-                - { path: ^/user, roles: ROLE_USER_HOST, host: symfony.com }
-                - { path: ^/user, roles: ROLE_USER_METHOD, methods: [POST, PUT] }
-                - { path: ^/user, roles: ROLE_USER }
+                - { path: ^/admin, roles: ROLE_USER_IP, ip: 127.0.0.1 }
+                - { path: ^/admin, roles: ROLE_USER_HOST, host: symfony.com }
+                - { path: ^/admin, roles: ROLE_USER_METHOD, methods: [POST, PUT] }
+                - { path: ^/admin, roles: ROLE_USER }
 
     .. code-block:: xml
 
             <access-control>
-                <rule path="^/user" role="ROLE_USER_IP" ip="127.0.0.1" />
-                <rule path="^/user" role="ROLE_USER_HOST" host="symfony.com" />
-                <rule path="^/user" role="ROLE_USER_METHOD" method="POST, PUT" />
-                <rule path="^/user" role="ROLE_USER" />
+                <rule path="^/admin" role="ROLE_USER_IP" ip="127.0.0.1" />
+                <rule path="^/admin" role="ROLE_USER_HOST" host="symfony.com" />
+                <rule path="^/admin" role="ROLE_USER_METHOD" method="POST, PUT" />
+                <rule path="^/admin" role="ROLE_USER" />
             </access-control>
 
     .. code-block:: php
 
             'access_control' => array(
-                array('path' => '^/user', 'role' => 'ROLE_USER_IP', 'ip' => '127.0.0.1'),
-                array('path' => '^/user', 'role' => 'ROLE_USER_HOST', 'host' => 'symfony.com'),
-                array('path' => '^/user', 'role' => 'ROLE_USER_METHOD', 'method' => 'POST, PUT'),
-                array('path' => '^/user', 'role' => 'ROLE_USER'),
+                array('path' => '^/admin', 'role' => 'ROLE_USER_IP', 'ip' => '127.0.0.1'),
+                array('path' => '^/admin', 'role' => 'ROLE_USER_HOST', 'host' => 'symfony.com'),
+                array('path' => '^/admin', 'role' => 'ROLE_USER_METHOD', 'method' => 'POST, PUT'),
+                array('path' => '^/admin', 'role' => 'ROLE_USER'),
             ),
 
 For each incoming request, Symfony will decided which ``access_control``
@@ -904,18 +904,18 @@ given prefix, ``/esi``, from outside access:
 Here is how it works when the path is ``/esi/something`` coming from the
 ``10.0.0.1`` IP:
 
-* The first access control rule does not match and is ignored as the ``path``
-  matches but the ``ip`` does not;
+* The first access control rule is ignored as the ``path`` matches but the
+  ``ip`` does not;
 
-* The second access control rule matches (the only restriction being the
+* The second access control rule is enabled (the only restriction being the
   ``path`` and it matches): as the user cannot have the ``ROLE_NO_ACCESS``
   role as it's not defined, access is denied (the ``ROLE_NO_ACCESS`` role can
   be anything that does not match an existing role, it just serves as a trick
   to always deny access).
 
 Now, if the same request comes from ``127.0.0.1``:
 
-* Now, the first access control rule does match as both the ``path`` and the
+* Now, the first access control rule is enabled as both the ``path`` and the
   ``ip`` match: access is allowed as the user always has the
   ``IS_AUTHENTICATED_ANONYMOUSLY`` role.
 

reference/dic_tags.rst

@@ -385,7 +385,7 @@ channel when injecting the logger in a service.
 
         $definition = new Definition('Fully\Qualified\Loader\Class\Name', array(new Reference('logger'));
         $definition->addTag('monolog.logger', array('channel' => 'acme'));
-        $container->register('my_service', $definition);;
+        $container->register('my_service', $definition);
 
 .. note::