@@ -40,8 +40,8 @@ Take the following ``access_control`` entries as an example:
4040 security :
4141 # ...
4242 access_control :
43- - { path: '^/admin', roles: ROLE_USER_IP, ip: 127.0.0.1 }
4443 - { path: '^/admin', roles: ROLE_USER_PORT, ip: 127.0.0.1, port: 8080 }
44+ - { path: '^/admin', roles: ROLE_USER_IP, ip: 127.0.0.1 }
4545 - { path: '^/admin', roles: ROLE_USER_HOST, host: symfony\.com$ }
4646 - { path: '^/admin', roles: ROLE_USER_METHOD, methods: [POST, PUT] }
4747 # when defining multiple roles, users must have at least one of them (it's like an OR condition)
@@ -59,8 +59,8 @@ Take the following ``access_control`` entries as an example:
5959
6060 <config >
6161 <!-- ... -->
62- <rule path =" ^/admin" role =" ROLE_USER_IP" ip =" 127.0.0.1"
6362 <rule path =" ^/admin" role =" ROLE_USER_PORT" ip =" 127.0.0.1" port =" 8080"
63+ <rule path =" ^/admin" role =" ROLE_USER_IP" ip =" 127.0.0.1"
6464 <rule path =" ^/admin" role =" ROLE_USER_HOST" host =" symfony\.com$"
6565 <rule path =" ^/admin" role =" ROLE_USER_METHOD" methods =" POST, PUT"
6666 <!-- when defining multiple roles, users must have at least one of them (it's like an OR condition) -->
@@ -74,17 +74,17 @@ Take the following ``access_control`` entries as an example:
7474 $container->loadFromExtension('security', [
7575 // ...
7676 'access_control' => [
77- [
78- 'path' => '^/admin',
79- 'roles' => 'ROLE_USER_IP',
80- 'ips' => '127.0.0.1',
81- ],
8277 [
8378 'path' => '^/admin',
8479 'roles' => 'ROLE_USER_PORT',
8580 'ip' => '127.0.0.1',
8681 'port' => '8080',
8782 ],
83+ [
84+ 'path' => '^/admin',
85+ 'roles' => 'ROLE_USER_IP',
86+ 'ips' => '127.0.0.1',
87+ ],
8888 [
8989 'path' => '^/admin',
9090 'roles' => 'ROLE_USER_HOST',
@@ -112,13 +112,13 @@ if ``ip``, ``port``, ``host`` or ``method`` are not specified for an entry, that
112112+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
113113| URI | IP | PORT | HOST | METHOD | ``access_control `` | Why? |
114114+=================+=============+=============+=============+============+================================+=============================================================+
115- | ``/admin/user `` | 127.0.0.1 | 80 | example.com | GET | rule #1 (``ROLE_USER_IP ``) | The URI matches ``path `` and the IP matches ``ip ``. |
115+ | ``/admin/user `` | 127.0.0.1 | 80 | example.com | GET | rule #2 (``ROLE_USER_IP ``) | The URI matches ``path `` and the IP matches ``ip ``. |
116116+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
117- | ``/admin/user `` | 127.0.0.1 | 80 | symfony.com | GET | rule #1 (``ROLE_USER_IP ``) | The ``path `` and ``ip `` still match. This would also match |
117+ | ``/admin/user `` | 127.0.0.1 | 80 | symfony.com | GET | rule #2 (``ROLE_USER_IP ``) | The ``path `` and ``ip `` still match. This would also match |
118118| | | | | | | the ``ROLE_USER_HOST `` entry, but *only * the **first ** |
119119| | | | | | | ``access_control `` match is used. |
120120+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
121- | ``/admin/user `` | 127.0.0.1 | 8080 | symfony.com | GET | rule #2 (``ROLE_USER_PORT ``) | The ``path ``, ``ip `` and ``port `` match. |
121+ | ``/admin/user `` | 127.0.0.1 | 8080 | symfony.com | GET | rule #1 (``ROLE_USER_PORT ``) | The ``path ``, ``ip `` and ``port `` match. |
122122+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
123123| ``/admin/user `` | 168.0.0.1 | 80 | symfony.com | GET | rule #3 (``ROLE_USER_HOST ``) | The ``ip `` doesn't match the first rule, so the second |
124124| | | | | | | rule (which matches) is used. |
0 commit comments