Minor improvements

ajgarlag · ajgarlag · commit 68405829fdb7 · 2021-10-14T11:41:26.000+02:00
diff --git a/security/access_control.rst b/security/access_control.rst
@@ -44,7 +44,7 @@ Take the following ``access_control`` entries as an example:
                 - { path: '^/admin', roles: ROLE_USER_IP, ip: 127.0.0.1 }
                 - { path: '^/admin', roles: ROLE_USER_HOST, host: symfony\.com$ }
                 - { path: '^/admin', roles: ROLE_USER_METHOD, methods: [POST, PUT] }
-                # when defining multiple roles, users must have at least one of them (it's like an OR condition)
+                # when defining multiple roles, it could be like an OR or AND condition depending on the 'affirmative' or 'unanimous' strategy used
                 - { path: '^/admin', roles: [ROLE_MANAGER, ROLE_ADMIN] }
 
     .. code-block:: xml
@@ -63,7 +63,7 @@ Take the following ``access_control`` entries as an example:
                 <rule path="^/admin" role="ROLE_USER_IP" ip="127.0.0.1"/>
                 <rule path="^/admin" role="ROLE_USER_HOST" host="symfony\.com$"/>
                 <rule path="^/admin" role="ROLE_USER_METHOD" methods="POST, PUT"/>
-                <!-- when defining multiple roles, users must have at least one of them (it's like an OR condition) -->
+                <!-- when defining multiple roles, it could be like an OR or AND condition depending on the 'affirmative' or 'unanimous' strategy used -->
                 <rule path="^/admin" roles="ROLE_ADMIN, ROLE_MANAGER"/>
             </config>
         </srv:container>
@@ -97,7 +97,7 @@ Take the following ``access_control`` entries as an example:
                 ],
                 [
                     'path' => '^/admin',
-                    // when defining multiple roles, users must have at least one of them (it's like an OR condition)
+                    // when defining multiple roles, it could be like an OR or AND condition depending on the 'affirmative' or 'unanimous' strategy used
                     'roles' => ['ROLE_MANAGER', 'ROLE_ADMIN'],
                 ],
             ],
@@ -156,7 +156,8 @@ options:
 
 * ``roles`` If the user does not have the given role, then access is denied
   (internally, an :class:`Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException`
-  is thrown). If this value is an array of multiple roles, the user must have
+  is thrown). If this value is an array of multiple roles, the user must have:
+  
   * at least one of them when using the default ``affirmative`` strategy
   * all of them when using the ``unanimous`` strategy
 in the :ref:`Access Decision Manager <components-security-access-decision-manager>`.
