diff --git a/book/security.rst b/book/security.rst index e9dc4df6826..57b1b873dec 100644 --- a/book/security.rst +++ b/book/security.rst @@ -204,7 +204,7 @@ user to be logged in to access this URL: # ... firewalls: # ... - + access_control: # require ROLE_ADMIN for /admin* - { path: ^/admin, roles: ROLE_ADMIN } @@ -427,9 +427,10 @@ If you'd like to load your users via the Doctrine ORM, that's easy! See :doc:`/cookbook/security/entity_provider` for all the details. .. _book-security-encoding-user-password: +.. _c-encoding-the-users-password: -C) Encoding the Users Password -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +C) Encoding the User's Password +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Whether your users are stored in ``security.yml``, in a database or somewhere else, you'll want to encode their passwords. The best algorithm to use is @@ -668,7 +669,7 @@ URL pattern. You saw this earlier, where anything matching the regular expressio # ... firewalls: # ... - + access_control: # require ROLE_ADMIN for /admin* - { path: ^/admin, roles: ROLE_ADMIN } @@ -834,9 +835,9 @@ in this chapter). Be careful with this in your layout or on your error pages! Because of some internal Symfony details, to avoid broken error pages in the ``prod`` environment, wrap calls in these templates with a check for ``app.user``: - + .. code-block:: html+jinja - + {% if app.user and is_granted('ROLE_ADMIN') %} Securing other Services @@ -970,7 +971,7 @@ the User object, and use the ``isGranted`` method (or // boo :(. Never check for the User object to see if they're logged in if ($this->getUser()) { - + } Retrieving the User in a Template @@ -989,7 +990,7 @@ key: .. code-block:: html+php - isGranted('IS_AUTHENTICATED_FULLY')): ?> + isGranted('IS_AUTHENTICATED_FULLY')): ?>
Username: getUser()->getUsername() ?>
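
Review bot: in the ``@@ -427,9 +427,10 @@`` hunk, the added ``.. _c-encoding-the-users-password:`` target sits directly under the existing ``.. _book-security-encoding-user-password:`` target with nothing explaining why the section needs both. Its name matches the slug the old heading text ("C) Encoding the Users Password") would have generated, so it appears to be there to keep existing deep links working after the rename to "User's Password". If that is the intent, add an RST comment above the new target saying so, so that a later cleanup does not remove it as a duplicate label.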
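
Review bot: the ``-``/``+`` pair between ``firewalls:`` and ``access_control:`` in the ``@@ -204,7 +204,7 @@`` hunk differs only in whitespace on an otherwise blank line, and the same pair repeats in the ``@@ -668,7 +669,7 @@`` hunk. Move these whitespace-only cleanups into their own commit, separate from the heading rename, so the one content change in this patch is easy to find in history and the YAML samples under ``access_control`` can be reviewed as unchanged.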
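
Review bot: in the ``@@ -970,7 +971,7 @@`` hunk, the body of ``if ($this->getUser()) {`` is still an empty line after the whitespace cleanup, so the "never do this" example reads as unfinished code. Put a placeholder comment such as ``// ...`` in the body, matching the ``# ...`` placeholders the YAML samples in this file already use, so readers can see the block was elided on purpose.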