dbd806a595
✨ feat(Prestaire.php): Implémente UserInterface et PasswordAuthenticatedUserInterface. ✨ feat(security): Ajoute firewall et authentificateur pour ETL. ✨ feat(EtlController.php): Ajoute contrôleur et routes pour ETL. ✨ feat(RedirecListener.php): Ajoute redirection pour etl.ludikevent.fr. ✏️ chore(caddy): Ajoute etl.ludikevent.fr à la configuration Caddy. ```
92 lines
3.1 KiB
YAML
92 lines
3.1 KiB
YAML
security:
|
|
password_hashers:
|
|
App\Entity\Account: 'auto'
|
|
App\Entity\Customer: 'auto'
|
|
App\Entity\Prestaire: 'auto'
|
|
|
|
providers:
|
|
app_account_provider:
|
|
entity:
|
|
class: App\Entity\Account
|
|
property: email
|
|
reserve_account_provider: # Provider spécifique Customer
|
|
entity:
|
|
class: App\Entity\Customer
|
|
property: email
|
|
etl_account_provider: # Provider spécifique Customer
|
|
entity:
|
|
class: App\Entity\Prestaire
|
|
property: email
|
|
firewalls:
|
|
dev:
|
|
pattern: ^/(_(profiler|wdt)|css|images|js)/
|
|
security: false
|
|
|
|
etl:
|
|
pattern: ^/(etl)
|
|
lazy: true
|
|
provider: etl_account_provider # Force l'entité Account (Admin) ici
|
|
user_checker: App\Security\UserChecker
|
|
entry_point: App\Security\EtlAuthenticator
|
|
form_login:
|
|
login_path: etl_home
|
|
check_path: etl_home
|
|
enable_csrf: true
|
|
csrf_token_id: authenticate
|
|
|
|
custom_authenticator:
|
|
- App\Security\EtlAuthenticator
|
|
|
|
logout:
|
|
path: elt_logout
|
|
target: elt_home
|
|
|
|
|
|
intranet:
|
|
pattern: ^/(intranet|crm|2fa)
|
|
lazy: true
|
|
provider: app_account_provider # Force l'entité Account (Admin) ici
|
|
user_checker: App\Security\UserChecker
|
|
two_factor:
|
|
auth_form_path: 2fa_login
|
|
check_path: 2fa_login_check
|
|
default_target_path: /
|
|
entry_point: App\Security\LoginFormAuthenticator
|
|
form_login:
|
|
login_path: app_home
|
|
check_path: app_home
|
|
enable_csrf: true
|
|
csrf_token_id: authenticate
|
|
|
|
custom_authenticator:
|
|
- App\Security\LoginFormAuthenticator
|
|
- App\Security\KeycloakAuthenticator
|
|
|
|
logout:
|
|
path: app_logout
|
|
target: app_home
|
|
# --- FIREWALL PRINCIPAL (CRM / ADMIN) ---
|
|
main:
|
|
pattern: ^/
|
|
provider: reserve_account_provider # Force l'entité Customer ici
|
|
custom_authenticator: App\Security\CustomerAuthenticator
|
|
user_checker: App\Security\UserChecker # Si vous voulez vérifier l'activation du compte
|
|
logout:
|
|
path: reservation_logout
|
|
target: reservation_login # Redirige vers le login client après déconnexion
|
|
remember_me:
|
|
secret: '%kernel.secret%'
|
|
lifetime: 604800
|
|
|
|
role_hierarchy:
|
|
ROLE_ROOT: [ROLE_ADMIN, ROLE_CLIENT_MAIN, ROLE_CUSTOMER]
|
|
ROLE_CLIENT_MAIN: [ROLE_ADMIN, ROLE_CUSTOMER]
|
|
|
|
access_control:
|
|
- { path: ^/2fa, roles: PUBLIC_ACCESS }
|
|
# Protection de l'espace client (Firewall customer_reservation)
|
|
- { path: ^/gestion-contrat, roles: [ROLE_CUSTOMER] }
|
|
# Protection du CRM (Firewall main)
|
|
- { path: ^/crm, roles: [ROLE_ADMIN] }
|
|
- { path: ^/, roles: PUBLIC_ACCESS }
|