chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Chamilo is a learning management system focused on ease of use and accessibility
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51736 Commits
17 Branches
107 Tags
940 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 98bd9ddfcf
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '98bd9ddfcf'
${ noResults }
chamilo-lms/config/packages/security.yaml

119 lines
4.7 KiB
Raw Blame History

# To get started with security, check out the documentation:
# http://symfony.com/doc/current/book/security.html
security:
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
legacy_md5:
algorithm: md5
encode_as_base64: false
iterations: 1
legacy_sha1:
algorithm: sha1
encode_as_base64: false
iterations: 1
legacy_bcrypt:
algorithm: bcrypt
encode_as_base64: false
cost: 4
Chamilo\CoreBundle\Entity\User:
algorithm: auto
migrate_from:
- bcrypt
- legacy_sha1
- legacy_bcrypt
# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
app_user_provider:
entity:
class: Chamilo\CoreBundle\Entity\User
property: username
role_hierarchy:
ROLE_STUDENT: [ROLE_USER]
ROLE_ADMIN:
- ROLE_USER
- ROLE_STUDENT
- ROLE_TEACHER
- ROLE_QUESTION_MANAGER
- ROLE_SESSION_MANAGER
- ROLE_CURRENT_COURSE_TEACHER
- ROLE_CURRENT_COURSE_SESSION_TEACHER
- ROLE_CURRENT_COURSE_GROUP_TEACHER
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] # Admin that can log in as another user.
ROLE_GLOBAL_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] # The user that installed the platform.
ROLE_TEACHER: [ROLE_STUDENT]
ROLE_RRHH: [ROLE_TEACHER, ROLE_ALLOWED_TO_SWITCH]
ROLE_QUESTION_MANAGER: [ROLE_STUDENT]
ROLE_SESSION_MANAGER: [ROLE_STUDENT, ROLE_ALLOWED_TO_SWITCH]
ROLE_STUDENT_BOSS: [ROLE_STUDENT]
ROLE_INVITEE: [ROLE_STUDENT]
ROLE_CURRENT_COURSE_STUDENT: [ROLE_CURRENT_COURSE_STUDENT] # Set in the CidReqListener
ROLE_CURRENT_COURSE_TEACHER: [ROLE_CURRENT_COURSE_TEACHER, ROLE_CURRENT_COURSE_STUDENT] # Set in the course listener
ROLE_CURRENT_COURSE_GROUP_STUDENT: [ROLE_CURRENT_COURSE_GROUP_STUDENT] # Set in the CidReqListener
ROLE_CURRENT_COURSE_GROUP_TEACHER: [ROLE_CURRENT_COURSE_GROUP_TEACHER, ROLE_CURRENT_COURSE_GROUP_STUDENT]
ROLE_CURRENT_COURSE_SESSION_STUDENT: [ROLE_CURRENT_COURSE_SESSION_STUDENT]
ROLE_CURRENT_COURSE_SESSION_TEACHER: [ROLE_CURRENT_COURSE_SESSION_STUDENT, ROLE_CURRENT_COURSE_SESSION_TEACHER]
ROLE_ANONYMOUS: [ROLE_ANONYMOUS]
access_decision_manager:
# strategy can be: affirmative, unanimous or consensus
# only grant access if none of the voters has denied access
strategy: unanimous
firewalls:
# disables authentication for assets and the profiler, adapt it according to your needs
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
# Use to connect via a JWT token
api:
pattern: ^/api
# stateless: true
jwt: ~
context: main
provider: app_user_provider
json_login:
check_path: authentication_token
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
# guard:
# authenticators:
# - lexik_jwt_authentication.jwt_token_authenticator
# Default login via json
main:
pattern: ^/
context: main
provider: app_user_provider
# login_throttling:
# max_attempts: 5
# form_login:
# csrf_token_generator: security.csrf.token_manager
# login_path: /login
# use_forward: false
# check_path: /login
# failure_path: null
# guard:
# authenticators:
# - Chamilo\CoreBundle\Security\LoginFormAuthenticator
# - Chamilo\CoreBundle\Security\TokenAuthenticator
entry_point: Chamilo\CoreBundle\Security\AuthenticationEntryPoint
remember_me:
secret: '%secret%'
lifetime: 604800 # 1 week in seconds
path: /
logout:
path: /logout
target: /
switch_user: true
json_login:
check_path: /login_json
# username_path: security.credentials.login
# password_path: security.credentials.password
access_control:
- {path: ^/login, roles: PUBLIC_ACCESS}
- {path: ^/api/authentication_token, roles: PUBLIC_ACCESS}