Skip to content

Commit 5da38b1

Browse files
author
BooleanType
authored
Update access_control.rst
IMHO, rule symfony#1 should be applied instead of rule symfony#2, because URI and IP match is enough for rule symfony#1.
1 parent de2812a commit 5da38b1

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

security/access_control.rst

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -151,7 +151,10 @@ if ``ip``, ``port``, ``host`` or ``method`` are not specified for an entry, that
151151
| | | | | | | the ``ROLE_USER_HOST`` entry, but *only* the **first** |
152152
| | | | | | | ``access_control`` match is used. |
153153
+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
154-
| ``/admin/user`` | 127.0.0.1 | 8080 | symfony.com | GET | rule #2 (``ROLE_USER_PORT``) | The ``path``, ``ip`` and ``port`` match. |
154+
| ``/admin/user`` | 127.0.0.1 | 8080 | symfony.com | GET | rule #1 (``ROLE_USER_IP``) | The ``path`` and ``ip`` still match. This would also match |
155+
| | | | | | | the ``port`` entry (``ROLE_USER_PORT``) and the ``host`` |
156+
| | | | | | | enrty (``ROLE_USER_HOST``), but only the **first** matched |
157+
| | | | | | | ``access_control`` is used. |
155158
+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
156159
| ``/admin/user`` | 168.0.0.1 | 80 | symfony.com | GET | rule #3 (``ROLE_USER_HOST``) | The ``ip`` doesn't match the first rule, so the second |
157160
| | | | | | | rule (which matches) is used. |

0 commit comments

Comments
 (0)