Details

    • Team:
      Team A
    • Epic Link:
    • Story Points:
      3
    • Deployment actions:
      Update security.yml with:

      - { path: ^/admin, roles: IS_AUTHENTICATED_REMEMBERED, allow_if: 'integrated_scope().isAdmin() == true' }

      Description

      Background

      On /admin (or any other URL configured for Integrated in the Symfony installation) only the Integrated scope is allowed. It is currently possible to go to the admin after logging in on the website.

      Requirements

      • When a user is in the admin path (excluding the Integrated login page), check the scope. When the scope is not "Integrated" (a non-admin scope), redirect the user to the Integrated login page.

      Test scenarios

      • Log in to Integrated with an Integrated-scope user: should work
      • Log in to Integrated with a website-scope user: should not work
      • Log in to the website with a website-scope user: should work
      • After that, go to the Integrated content navigator: should redirect to the login form
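
The access rule above in the context of a full access_control list, as an added example (not the project's own configuration). The login path `^/admin/login$` and its anonymous role are assumptions; `integrated_scope()` is the expression function named in the deployment action, and the combined-expression variant is a suggestion, not something the ticket specifies.

```yaml
# Added example, not the project's security.yml.
security:
    access_control:
        # ASSUMPTION: the Integrated login page lives at /admin/login.
        # access_control entries are tried top to bottom and only the first
        # matching entry is applied, so the login page exception has to come
        # before the broader ^/admin entry or the login form itself is blocked.
        - { path: ^/admin/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }

        # Rule from the deployment action, shown for comparison:
        #
        # - { path: ^/admin, roles: IS_AUTHENTICATED_REMEMBERED, allow_if: 'integrated_scope().isAdmin() == true' }
        #
        # Symfony passes the roles and the allow_if expression to the access
        # decision manager together. With the default "affirmative" strategy a
        # grant from either one is sufficient, so a logged-in website-scope
        # user can satisfy IS_AUTHENTICATED_REMEMBERED without passing the
        # scope check. Verify which decision strategy the installation uses.

        # Variant: authentication and scope combined in a single expression,
        # so the scope check is required whatever the decision strategy is.
        # is_remember_me() and is_fully_authenticated() are Symfony's built-in
        # security expression functions.
        - { path: ^/admin, allow_if: '(is_remember_me() or is_fully_authenticated()) and integrated_scope().isAdmin() == true' }
```

A denied request from a fully authenticated user produces a 403 response by default, so the redirect to the login form in the last test scenario additionally depends on how access-denied responses are handled for the firewall.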

            People

            • Assignee:
              marijn Marijn Otte
              Reporter:
              marijn Marijn Otte
              Product owner:
              Maartje Wessels
              Client:
              Integrated Marijn
              Developer:
              Ger Jan van den Bosch

                OTM