From e58efe42592607512eb53c07f7f6518616a55514 Mon Sep 17 00:00:00 2001
From: Chad Meyers <chad@nobodyfamous.ca>
Date: Wed, 23 Oct 2019 12:29:55 -0300
Subject: [PATCH 1/2] Update security.rst

---
 security.rst | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/security.rst b/security.rst
index 90c0024266d..6ae78438833 100644
--- a/security.rst
+++ b/security.rst
@@ -715,6 +715,9 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
                 # require ROLE_ADMIN for /admin*
                 - { path: '^/admin', roles: ROLE_ADMIN }
 
+                # or require ROLE_ADMIN and IS_AUTHENTICATED_FULLY for /admin*
+                - { path: '^/admin', roles: [IS_AUTHENTICATED_FULLY, ROLE_ADMIN] }
+                
                 # the 'path' value can be any valid regular expression
                 # (this one will match URLs like /api/post/7298 and /api/comment/528491)
                 - { path: ^/api/(post|comment)/\d+$, roles: ROLE_USER }

From 1531a2f98ade24a8b5d6c66c1abe2496bbd46626 Mon Sep 17 00:00:00 2001
From: Chad Meyers <webmaster.meyers@gmail.com>
Date: Fri, 8 Nov 2019 10:57:30 -0400
Subject: [PATCH 2/2] include xml and php examples

---
 security.rst | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/security.rst b/security.rst
index 6ae78438833..70cd2d111e1 100644
--- a/security.rst
+++ b/security.rst
@@ -717,7 +717,7 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
 
                 # or require ROLE_ADMIN and IS_AUTHENTICATED_FULLY for /admin*
                 - { path: '^/admin', roles: [IS_AUTHENTICATED_FULLY, ROLE_ADMIN] }
-                
+
                 # the 'path' value can be any valid regular expression
                 # (this one will match URLs like /api/post/7298 and /api/comment/528491)
                 - { path: ^/api/(post|comment)/\d+$, roles: ROLE_USER }
@@ -742,6 +742,12 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
                 <!-- require ROLE_ADMIN for /admin* -->
                 <rule path="^/admin" role="ROLE_ADMIN"/>
 
+                <!-- require ROLE_ADMIN and IS_AUTHENTICATED_FULLY for /admin* -->
+                <rule path="^/admin">
+                    <role>ROLE_ADMIN</role>
+                    <role>IS_AUTHENTICATED_FULLY</role>
+                </rule>
+
                 <!-- the 'path' value can be any valid regular expression
                      (this one will match URLs like /api/post/7298 and /api/comment/528491) -->
                 <rule path="^/api/(post|comment)/\d+$" role="ROLE_USER"/>
@@ -764,6 +770,9 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
                 // require ROLE_ADMIN for /admin*
                 ['path' => '^/admin', 'roles' => 'ROLE_ADMIN'],
 
+                // require ROLE_ADMIN and IS_AUTHENTICATED_FULLY for /admin*
+                ['path' => '^/admin', 'roles' => ['ROLE_ADMIN', 'IS_AUTHENTICATED_FULLY']],
+
                 // the 'path' value can be any valid regular expression
                 // (this one will match URLs like /api/post/7298 and /api/comment/528491)
                 ['path' => '^/api/(post|comment)/\d+$', 'roles' => 'ROLE_USER'],