@@ -40,8 +40,8 @@ Take the following ``access_control`` entries as an example:
4040 security :
4141 # ...
4242 access_control :
43- - { path: '^/admin', roles: ROLE_USER_IP, ip: 127.0.0.1 }
4443 - { path: '^/admin', roles: ROLE_USER_PORT, ip: 127.0.0.1, port: 8080 }
44+ - { path: '^/admin', roles: ROLE_USER_IP, ip: 127.0.0.1 }
4545 - { path: '^/admin', roles: ROLE_USER_HOST, host: symfony\.com$ }
4646 - { path: '^/admin', roles: ROLE_USER_METHOD, methods: [POST, PUT] }
4747
@@ -59,8 +59,8 @@ Take the following ``access_control`` entries as an example:
5959
6060 <config >
6161 <!-- ... -->
62- <rule path =" ^/admin" role =" ROLE_USER_IP" ip =" 127.0.0.1"
6362 <rule path =" ^/admin" role =" ROLE_USER_PORT" ip =" 127.0.0.1" port =" 8080"
63+ <rule path =" ^/admin" role =" ROLE_USER_IP" ip =" 127.0.0.1"
6464 <rule path =" ^/admin" role =" ROLE_USER_HOST" host =" symfony\.com$"
6565 <rule path =" ^/admin" role =" ROLE_USER_METHOD" methods =" POST, PUT"
6666 </config >
@@ -72,17 +72,17 @@ Take the following ``access_control`` entries as an example:
7272 $container->loadFromExtension('security', [
7373 // ...
7474 'access_control' => [
75- [
76- 'path' => '^/admin',
77- 'roles' => 'ROLE_USER_IP',
78- 'ips' => '127.0.0.1',
79- ],
8075 [
8176 'path' => '^/admin',
8277 'roles' => 'ROLE_USER_PORT',
8378 'ip' => '127.0.0.1',
8479 'port' => '8080',
8580 ],
81+ [
82+ 'path' => '^/admin',
83+ 'roles' => 'ROLE_USER_IP',
84+ 'ips' => '127.0.0.1',
85+ ],
8686 [
8787 'path' => '^/admin',
8888 'roles' => 'ROLE_USER_HOST',
@@ -105,13 +105,13 @@ if ``ip``, ``port``, ``host`` or ``method`` are not specified for an entry, that
105105+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
106106| URI | IP | PORT | HOST | METHOD | ``access_control `` | Why? |
107107+=================+=============+=============+=============+============+================================+=============================================================+
108- | ``/admin/user `` | 127.0.0.1 | 80 | example.com | GET | rule #1 (``ROLE_USER_IP ``) | The URI matches ``path `` and the IP matches ``ip ``. |
108+ | ``/admin/user `` | 127.0.0.1 | 80 | example.com | GET | rule #2 (``ROLE_USER_IP ``) | The URI matches ``path `` and the IP matches ``ip ``. |
109109+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
110- | ``/admin/user `` | 127.0.0.1 | 80 | symfony.com | GET | rule #1 (``ROLE_USER_IP ``) | The ``path `` and ``ip `` still match. This would also match |
110+ | ``/admin/user `` | 127.0.0.1 | 80 | symfony.com | GET | rule #2 (``ROLE_USER_IP ``) | The ``path `` and ``ip `` still match. This would also match |
111111| | | | | | | the ``ROLE_USER_HOST `` entry, but *only * the **first ** |
112112| | | | | | | ``access_control `` match is used. |
113113+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
114- | ``/admin/user `` | 127.0.0.1 | 8080 | symfony.com | GET | rule #2 (``ROLE_USER_PORT ``) | The ``path ``, ``ip `` and ``port `` match. |
114+ | ``/admin/user `` | 127.0.0.1 | 8080 | symfony.com | GET | rule #1 (``ROLE_USER_PORT ``) | The ``path ``, ``ip `` and ``port `` match. |
115115+-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
116116| ``/admin/user `` | 168.0.0.1 | 80 | symfony.com | GET | rule #3 (``ROLE_USER_HOST ``) | The ``ip `` doesn't match the first rule, so the second |
117117| | | | | | | rule (which matches) is used. |
0 commit comments