09148b5b33
src/Entity/Devis.php: - submitterSiteconseilId (int nullable): ID du soumetteur cote SITECONSEIL dans DocuSeal apres signature - submitterCustomerId (int nullable): ID du soumetteur cote client dans DocuSeal apres signature - unsignedPdf (string nullable) + unsignedPdfFile (Vich): PDF non signe - signedPdf (string nullable) + signedPdfFile (Vich): PDF signe - auditPdf (string nullable) + auditPdfFile (Vich): certificat d'audit - updatedAt (DateTimeImmutable nullable): mis a jour automatiquement a chaque upload de fichier via les setters *File() - Annotation #[Vich\Uploadable] sur la classe - Les 3 champs fichier utilisent le mapping 'devis_pdf' config/packages/vich_uploader.yaml: - Nouveau mapping devis_pdf: stockage dans public/uploads/devis avec SmartUniqueNamer pour eviter les collisions de noms config/packages/security.yaml: - Nouvelle regle access_control: /uploads/devis requiert ROLE_USER (empeche l'acces aux PDF de devis sans etre connecte) migrations/Version20260402203334.php: - Ajout colonnes submitter_siteconseil_id, submitter_customer_id, unsigned_pdf, signed_pdf, audit_pdf, updated_at sur la table devis Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
73 lines
2.6 KiB
YAML
73 lines
2.6 KiB
YAML
security:
|
|
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
|
|
password_hashers:
|
|
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
|
|
|
|
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
|
|
providers:
|
|
app_user_provider:
|
|
entity:
|
|
class: App\Entity\User
|
|
property: email
|
|
|
|
firewalls:
|
|
dev:
|
|
pattern: ^/(_profiler|_wdt|assets|build)/
|
|
security: false
|
|
webhooks:
|
|
pattern: ^/webhooks/
|
|
security: false
|
|
main:
|
|
lazy: true
|
|
provider: app_user_provider
|
|
entry_point: form_login
|
|
custom_authenticators:
|
|
- App\Security\KeycloakAuthenticator
|
|
form_login:
|
|
login_path: app_home
|
|
check_path: app_home
|
|
username_parameter: _username
|
|
password_parameter: _password
|
|
success_handler: App\Security\LoginSuccessHandler
|
|
logout:
|
|
path: app_logout
|
|
two_factor:
|
|
auth_form_path: 2fa_login
|
|
check_path: 2fa_login_check
|
|
default_target_path: app_home
|
|
prepare_on_login: true
|
|
prepare_on_access_denied: true
|
|
enable_csrf: true
|
|
|
|
role_hierarchy:
|
|
ROLE_CUSTOMER: ROLE_USER
|
|
ROLE_REVENDEUR: ROLE_CUSTOMER
|
|
ROLE_MEMBER: ROLE_USER
|
|
ROLE_EMPLOYE: ROLE_MEMBER
|
|
ROLE_ROOT: [ROLE_EMPLOYE, ROLE_REVENDEUR]
|
|
|
|
# Note: Only the *first* matching rule is applied
|
|
access_control:
|
|
- { path: ^/uploads/devis, roles: ROLE_USER }
|
|
- { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
|
|
- { path: ^/admin, roles: ROLE_EMPLOYE }
|
|
- { path: ^/espace-client, roles: ROLE_CUSTOMER }
|
|
- { path: ^/espace-prestataire, roles: ROLE_REVENDEUR }
|
|
|
|
when@test:
|
|
security:
|
|
providers:
|
|
test_user_provider:
|
|
id: App\Tests\TestUserProvider
|
|
firewalls:
|
|
main:
|
|
provider: test_user_provider
|
|
password_hashers:
|
|
# Password hashers are resource-intensive by design to ensure security.
|
|
# In tests, it's safe to reduce their cost to improve performance.
|
|
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
|
|
algorithm: auto
|
|
cost: 4 # Lowest possible value for bcrypt
|
|
time_cost: 3 # Lowest possible value for argon
|
|
memory_cost: 10 # Lowest possible value for argon
|