@@ -43,8 +43,8 @@ Take the following ``access_control`` entries as an example:
4343 security :
4444 # ...
4545 access_control :
46- - { path: '^/admin', roles: ROLE_USER_IP, ip: 127.0.0.1 }
4746 - { path: '^/admin', roles: ROLE_USER_PORT, ip: 127.0.0.1, port: 8080 }
47+ - { path: '^/admin', roles: ROLE_USER_IP, ip: 127.0.0.1 }
4848 - { path: '^/admin', roles: ROLE_USER_HOST, host: symfony\.com$ }
4949 - { path: '^/admin', roles: ROLE_USER_METHOD, methods: [POST, PUT] }
5050
@@ -70,8 +70,8 @@ Take the following ``access_control`` entries as an example:
7070
7171 <config >
7272 <!-- ... -->
73- <rule path =" ^/admin" role =" ROLE_USER_IP" ip =" 127.0.0.1"
7473 <rule path =" ^/admin" role =" ROLE_USER_PORT" ip =" 127.0.0.1" port =" 8080"
74+ <rule path =" ^/admin" role =" ROLE_USER_IP" ip =" 127.0.0.1"
7575 <rule path =" ^/admin" role =" ROLE_USER_HOST" host =" symfony\.com$"
7676 <rule path =" ^/admin" role =" ROLE_USER_METHOD" methods =" POST, PUT"
7777
@@ -92,17 +92,17 @@ Take the following ``access_control`` entries as an example:
9292 $container->loadFromExtension('security', [
9393 // ...
9494 'access_control' => [
95- [
96- 'path' => '^/admin',
97- 'roles' => 'ROLE_USER_IP',
98- 'ips' => '127.0.0.1',
99- ],
10095 [
10196 'path' => '^/admin',
10297 'roles' => 'ROLE_USER_PORT',
10398 'ip' => '127.0.0.1',
10499 'port' => '8080',
105100 ],
101+ [
102+ 'path' => '^/admin',
103+ 'roles' => 'ROLE_USER_IP',
104+ 'ips' => '127.0.0.1',
105+ ],
106106 [
107107 'path' => '^/admin',
108108 'roles' => 'ROLE_USER_HOST',
@@ -145,16 +145,13 @@ if ``ip``, ``port``, ``host`` or ``method`` are not specified for an entry, that
145145+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
146146| URI | IP | PORT | HOST | METHOD | ``access_control `` | Why? |
147147+=================+=============+=============+=============+============+================================+=============================================================+
148- | ``/admin/user `` | 127.0.0.1 | 80 | example.com | GET | rule #1 (``ROLE_USER_IP ``) | The URI matches ``path `` and the IP matches ``ip ``. |
148+ | ``/admin/user `` | 127.0.0.1 | 80 | example.com | GET | rule #2 (``ROLE_USER_IP ``) | The URI matches ``path `` and the IP matches ``ip ``. |
149149+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
150- | ``/admin/user `` | 127.0.0.1 | 80 | symfony.com | GET | rule #1 (``ROLE_USER_IP ``) | The ``path `` and ``ip `` still match. This would also match |
150+ | ``/admin/user `` | 127.0.0.1 | 80 | symfony.com | GET | rule #2 (``ROLE_USER_IP ``) | The ``path `` and ``ip `` still match. This would also match |
151151| | | | | | | the ``ROLE_USER_HOST `` entry, but *only * the **first ** |
152152| | | | | | | ``access_control `` match is used. |
153153+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
154- | ``/admin/user `` | 127.0.0.1 | 8080 | symfony.com | GET | rule #1 (``ROLE_USER_IP ``) | The ``path `` and ``ip `` still match. This would also match |
155- | | | | | | | the ``port `` entry (``ROLE_USER_PORT ``) and the ``host `` |
156- | | | | | | | enrty (``ROLE_USER_HOST ``), but only the **first ** matched |
157- | | | | | | | ``access_control `` is used. |
154+ | ``/admin/user `` | 127.0.0.1 | 8080 | symfony.com | GET | rule #1 (``ROLE_USER_PORT ``) | The path, ip and port match. |
158155+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
159156| ``/admin/user `` | 168.0.0.1 | 80 | symfony.com | GET | rule #3 (``ROLE_USER_HOST ``) | The ``ip `` doesn't match the first rule, so the second |
160157| | | | | | | rule (which matches) is used. |
0 commit comments