diff --git a/docs/reference/advanced_configuration.rst b/docs/reference/advanced_configuration.rst index 4791148a9..b6a924647 100644 --- a/docs/reference/advanced_configuration.rst +++ b/docs/reference/advanced_configuration.rst @@ -9,6 +9,8 @@ Full configuration options: .. code-block:: yaml + # config/packages/sonata_user.yaml + sonata_user: security_acl: false manager_type: orm # can be orm or mongodb @@ -18,12 +20,12 @@ Full configuration options: parameters: { path: / } class: # Entity Classes - user: Application\Sonata\UserBundle\Entity\User + user: Sonata\UserBundle\Entity\BaseUser admin: # Admin Classes user: class: Sonata\UserBundle\Admin\Entity\UserAdmin - controller: Sonata\AdminBundle\Controller\CRUDController + controller: '%sonata.admin.configuration.default_controller%' translation: SonataUserBundle profile: @@ -31,10 +33,8 @@ Full configuration options: mailer: sonata.user.mailer.default # Service used to send emails - # Enable Doctrine to map the provided entities - doctrine: - orm: - entity_managers: - default: - mappings: - SonataUserBundle: ~ + resetting: # Reset password configuration (must be configured) + email: + template: '@SonataUser/Admin/Security/Resetting/email.html.twig' + address: ~ + sender_name: ~ diff --git a/docs/reference/installation.rst b/docs/reference/installation.rst index b2333655d..ab10a8a69 100644 --- a/docs/reference/installation.rst +++ b/docs/reference/installation.rst @@ -56,6 +56,10 @@ SonataUserBundle Configuration sonata_user: class: user: App\Entity\SonataUserUser + resetting: + email: + address: sonata@localhost + sender_name: Sonata Admin Doctrine ORM Configuration -------------------------- 
@@ -126,44 +130,6 @@ Then configure ``SonataUserBundle`` to use the newly generated classes:: class: user: App\Document\SonataUserUser -ACL Configuration ------------------ - -When using ACL, the ``UserBundle`` can prevent `normal` users to change -settings of `super-admin` users, to enable this use the following configuration: - -.. code-block:: yaml - - # config/packages/sonata_user.yaml - - sonata_user: - security_acl: true - manager_type: orm # can be orm or mongodb - -.. code-block:: yaml - - # config/packages/security.yaml - - security: - encoders: - Sonata\UserBundle\Model\UserInterface: sha512 - - acl: - connection: default - -Mailer Configuration --------------------- - -You can define a custom mailer to send reset password emails. -Your mailer will have to implement ``Sonata\UserBundle\Mailer\MailerInterface``. - -.. code-block:: yaml - - # config/packages/sonata_user.yaml - - sonata_user: - mailer: custom.mailer.service.id - Integrating the bundle into the Sonata Admin Bundle --------------------------------------------------- @@ -184,7 +150,7 @@ Add the related security routing information: sonata_user_admin_resetting: resource: '@SonataUserBundle/Resources/config/routing/admin_resetting.xml' - prefix: /admin/resetting + prefix: /admin Then, add a new custom firewall handlers for the admin: @@ -193,15 +159,10 @@ Then, add a new custom firewall handlers for the admin: # config/packages/security.yaml security: + enable_authenticator_manager: true firewalls: - # Disabling the security for the web debug toolbar, the profiler and Assetic. - dev: - pattern: ^/(_(profiler|wdt)|css|images|js)/ - security: false - - # Firewall for the admin area of the URL admin: - anonymous: true + lazy: true pattern: /admin(.*) provider: sonata_user_bundle context: user 
@@ -212,8 +173,12 @@ Then, add a new custom firewall handlers for the admin: logout: path: sonata_user_admin_security_logout target: sonata_user_admin_security_login + remember_me: + secret: '%env(APP_SECRET)%' + lifetime: 2629746 + path: /admin -Add role hierarchy and provider, if you are not using ACL also add the encoder: +Add role hierarchy, hasher and provider: .. code-block:: yaml @@ -223,11 +188,9 @@ Add role hierarchy and provider, if you are not using ACL also add the encoder: role_hierarchy: ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN] ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] - SONATA: - - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT # if you are using acl then this line must be commented - encoders: - Sonata\UserBundle\Model\UserInterface: bcrypt + password_hashers: + Sonata\UserBundle\Model\UserInterface: auto providers: sonata_user_bundle: 
@@ -242,16 +205,52 @@ The last part is to define 4 new access control rules: security: access_control: # Admin login page needs to be accessed without credential - - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } - - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY } - - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY } - - { path: ^/admin/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/admin/login$, role: PUBLIC_ACCESS } + - { path: ^/admin/logout$, role: PUBLIC_ACCESS } + - { path: ^/admin/login_check$, role: PUBLIC_ACCESS } + - { path: ^/admin/request$, role: PUBLIC_ACCESS } + - { path: ^/admin/check-email$, role: PUBLIC_ACCESS } + - { path: ^/admin/reset/.*$, role: PUBLIC_ACCESS } # Secured part of the site # This config requires being logged for the whole site and having the admin role for the admin part. # Change these rules to adapt them to your needs - - { path: ^/admin/, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] } - - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/admin/, role: ROLE_ADMIN } + - { path: ^/.*, role: PUBLIC_ACCESS } + +Mailer Configuration +-------------------- + +You can define a custom mailer to send reset password emails. +Your mailer will have to implement ``Sonata\UserBundle\Mailer\MailerInterface``. + +.. code-block:: yaml + + # config/packages/sonata_user.yaml + + sonata_user: + mailer: custom.mailer.service.id + +ACL Configuration +----------------- + +When using ACL, the ``UserBundle`` can prevent `normal` users to change +settings of `super-admin` users, to enable this use the following configuration: + +.. code-block:: yaml + + # config/packages/sonata_user.yaml + + sonata_user: + security_acl: true + +.. code-block:: yaml + + # config/packages/security.yaml + + security: + acl: + connection: default Using the roles --------------- diff --git a/docs/reference/roles_matrix.rst b/docs/reference/roles_matrix.rst index 08eabd6fc..a1d67cd02 100644 
--- a/docs/reference/roles_matrix.rst +++ b/docs/reference/roles_matrix.rst @@ -45,13 +45,10 @@ You can set the ``show_in_roles_matrix`` option to ``false``, like this: services: app.admin.post: class: App\Admin\PostAdmin - arguments: - - ~ - - App\Entity\Post - - ~ tags: - name: sonata.admin + model_class: App\Entity\Post manager_type: orm label: 'Post' show_in_roles_matrix: false diff --git a/docs/reference/user_impersonation.rst b/docs/reference/user_impersonation.rst index c07fac260..69a88928b 100644 --- a/docs/reference/user_impersonation.rst +++ b/docs/reference/user_impersonation.rst @@ -10,16 +10,15 @@ to role switch from has the ``ROLE_ALLOWED_TO_SWITCH`` role. .. code-block:: yaml - role_hierarchy: - # ... - ROLE_SUPER_ADMIN: [ROLE_SONATA_ADMIN, ROLE_ALLOWED_TO_SWITCH] + # config/packages/security.yaml - firewalls: - main: - # ... - admin: - # ... - switch_user: true + security: + role_hierarchy: + ROLE_SUPER_ADMIN: [ROLE_SONATA_ADMIN, ROLE_ALLOWED_TO_SWITCH] + + firewalls: + admin: + switch_user: true Please note that sessions are not shared by default over different firewalls (for example, if you are trying to switch to a user who is authenticated on another firewall, such as ``main`` given in @@ -32,8 +31,9 @@ in the ``SonataUserBundle`` configuration: .. code-block:: yaml + # config/packages/sonata_user.yaml + sonata_user: - ... impersonating: route: sonata_admin_dashboard
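Review bot: in docs/reference/advanced_configuration.rst, the new `resetting:` block carries the comment "(must be configured)" but shows `address: ~` and `sender_name: ~`, so the reference does not say which keys are mandatory or what a null value leads to. Mark the required keys inline in the YAML comment and point to the values that installation.rst now sets (`address: sonata@localhost`, `sender_name: Sonata Admin`) so the two pages agree.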
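Review bot: in the installation.rst firewall hunk, `lifetime: 2629746` under the new `remember_me:` key is an unexplained magic number. The value is in seconds and comes to roughly one month, which is a long-lived login cookie for an admin firewall. Add a trailing comment with the unit and duration, and say that it can be shortened. The `path: /admin` line, which scopes the cookie to the admin area, deserves a one-line comment as well, since readers who change the route prefix will need to change it too.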
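Review bot: in the installation.rst hunk that swaps `encoders:` for `password_hashers:`, there is no upgrade note for existing password hashes. The old ACL section (removed in this same patch) told readers to use `Sonata\UserBundle\Model\UserInterface: sha512`, and the new text only shows `auto`. Add a sentence for installs that followed the sha512 instructions, pointing them to Symfony's `migrate_from` hasher option, so the documentation change does not leave those users with logins that stop verifying.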
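Review bot: in the installation.rst `access_control` hunk, the `^/admin/` rule is narrowed from `[ROLE_ADMIN, ROLE_SONATA_ADMIN]` to `ROLE_ADMIN` with no explanation. The role hierarchy earlier in the file gives `ROLE_ADMIN` the `ROLE_SONATA_ADMIN` role, not the reverse, so accounts granted only `ROLE_SONATA_ADMIN` are no longer named by this rule. If that is intended, say so in the comment above the rule. The introducing sentence also still reads "define 4 new access control rules" (visible in the hunk header) while the block now holds eight entries, six of them `PUBLIC_ACCESS`. Update the count or drop the number.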
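Review bot: in docs/reference/user_impersonation.rst, the rewritten `security:` example drops the `# ...` placeholders under `role_hierarchy:` and `admin:`, so it now reads as a complete configuration in which the admin firewall consists only of `switch_user: true`. Keep a `# ...` line under `admin:` (and under `role_hierarchy:`) so readers merge the key into their existing firewall instead of replacing it. The same applies to the `sonata_user:` block, where the `...` line was removed above `impersonating:`.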