Merge branch '3.4' into 4.3

javiereguiluz · javiereguiluz · commit 53000c76e2a8 · 2019-09-06T11:59:57.000+02:00
* 3.4:
  Be more explicit about the use of regular expressions in access_control
diff --git a/security.rst b/security.rst
@@ -437,6 +437,10 @@ start with ``/admin``, you can:
                 # require ROLE_ADMIN for /admin*
                 - { path: ^/admin, roles: ROLE_ADMIN }
 
+                # the 'path' value can be any valid regular expression
+                # (this one will match URLs like /api/post/7298 and /api/comment/528491)
+                - { path: ^/api/(post|comment)/\d+$, roles: ROLE_USER }
+
     .. code-block:: xml
 
         <!-- config/packages/security.xml -->
@@ -456,6 +460,10 @@ start with ``/admin``, you can:
 
                 <!-- require ROLE_ADMIN for /admin* -->
                 <rule path="^/admin" role="ROLE_ADMIN"/>
+
+                <!-- the 'path' value can be any valid regular expression
+                     (this one will match URLs like /api/post/7298 and /api/comment/528491) -->
+                <rule path="^/api/(post|comment)/\d+$" role="ROLE_USER"/>
             </config>
         </srv:container>
 
@@ -474,6 +482,10 @@ start with ``/admin``, you can:
             'access_control' => [
                 // require ROLE_ADMIN for /admin*
                 ['path' => '^/admin', 'role' => 'ROLE_ADMIN'],
+
+                // the 'path' value can be any valid regular expression
+                // (this one will match URLs like /api/post/7298 and /api/comment/528491)
+                ['path' => '^/api/(post|comment)/\d+$', 'role' => 'ROLE_USER'],
             ],
         ]);
 
