From 419734cca2eee1faa3a48a1f405cf0300446deb9 Mon Sep 17 00:00:00 2001 From: stiteca Date: Sun, 6 Nov 2022 10:11:38 +0100 Subject: [PATCH 1/2] Update access_control.rst Fix rule #3 described as second rule --- security/access_control.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/access_control.rst b/security/access_control.rst index dfa1e38e7ce..22289fb30e0 100644 --- a/security/access_control.rst +++ b/security/access_control.rst @@ -111,10 +111,10 @@ if ``ip``, ``port``, ``host`` or ``method`` are not specified for an entry, that +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+ | ``/admin/user`` | 127.0.0.1 | 8080 | symfony.com | GET | rule #1 (``ROLE_USER_PORT``) | The ``path``, ``ip`` and ``port`` match. | +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+ -| ``/admin/user`` | 168.0.0.1 | 80 | symfony.com | GET | rule #3 (``ROLE_USER_HOST``) | The ``ip`` doesn't match the first rule, so the second | +| ``/admin/user`` | 168.0.0.1 | 80 | symfony.com | GET | rule #3 (``ROLE_USER_HOST``) | The ``ip`` doesn't match the first rule, so the third | | | | | | | | rule (which matches) is used. | +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+ -| ``/admin/user`` | 168.0.0.1 | 80 | symfony.com | POST | rule #3 (``ROLE_USER_HOST``) | The second rule still matches. This would also match the | +| ``/admin/user`` | 168.0.0.1 | 80 | symfony.com | POST | rule #3 (``ROLE_USER_HOST``) | The third rule still matches. This would also match the | | | | | | | | third rule (``ROLE_USER_METHOD``), but only the **first** | | | | | | | | matched ``access_control`` is used. | +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+ From 21227ccbabe298b8ada9cfc036485ee3ec291fee Mon Sep 17 00:00:00 2001 From: stiteca Date: Sun, 6 Nov 2022 19:46:35 +0100 Subject: [PATCH 2/2] Update access_control.rst --- security/access_control.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/access_control.rst b/security/access_control.rst index 22289fb30e0..4c5f210b2ae 100644 --- a/security/access_control.rst +++ b/security/access_control.rst @@ -115,11 +115,11 @@ if ``ip``, ``port``, ``host`` or ``method`` are not specified for an entry, that | | | | | | | rule (which matches) is used. | +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+ | ``/admin/user`` | 168.0.0.1 | 80 | symfony.com | POST | rule #3 (``ROLE_USER_HOST``) | The third rule still matches. This would also match the | -| | | | | | | third rule (``ROLE_USER_METHOD``), but only the **first** | +| | | | | | | fourth rule (``ROLE_USER_METHOD``), but only the **first** | | | | | | | | matched ``access_control`` is used. | +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+ | ``/admin/user`` | 168.0.0.1 | 80 | example.com | POST | rule #4 (``ROLE_USER_METHOD``) | The ``ip`` and ``host`` don't match the first two entries, | -| | | | | | | but the third - ``ROLE_USER_METHOD`` - matches and is used. | +| | | | | | | but the fourth - ``ROLE_USER_METHOD`` - matches and is used. | +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+ | ``/admin/user`` | 168.0.0.1 | 80 | example.com | GET | rule #4 (``ROLE_MANAGER``) | The ``ip``, ``host`` and ``method`` prevent the first | | | | | | | | three entries from matching. But since the URI matches the |