Details

    • Epic Link:
    • Story Points:
      2
    • Deployment actions:

      Change:

      • { path: ^/admin, roles: IS_AUTHENTICATED_REMEMBERED }

      To:

      • { path: ^/admin, roles: [IS_AUTHENTICATED_REMEMBERED, ROLE_SCOPE_INTEGRATED] }

      Add:
      firewalls:
          default:
              scope: ~

    • Team:
      Team A
    • Sprint:
      Team A Sprint 52

      Description

      Background

      On /admin (or any other configured URL for Integrated in the Symfony installation) only the Integrated scope is allowed. It is currently possible to go to the admin after logging in on the website.

      In INTEGRATED-1284 (Closed), a solution with allow_if is implemented, but this is currently not supported.

      A better solution is to inject a role for each scope, to allow blocking on something like ROLE_INTEGRATED in security.yml.

      Requirements

      • Inject role ROLE_INTEGRATED when a user is logged in on the Integrated scope
      • Block the /admin path for users without the ROLE_INTEGRATED role

      Test scenarios

      • Log in to Integrated with an Integrated-scope user: should work
      • Log in to Integrated with a website-scope user: should not work
      • Log in to the website with a website-scope user: should work
      • After that go to the integrated content navigator: should redirect to the login form
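
The access rule from the deployment actions checked against the test scenarios above, as an added example (not code from the Integrated project): a simplified Python model of Symfony's AuthenticatedVoter, RoleVoter and the affirmative and unanimous decision strategies. Assumptions: a Symfony 2.x/3.x-style access decision manager that hands every role listed on the rule to the voters; the users are constructed and ROLE_USER is a hypothetical base role.

```python
# Simplified model (an assumption, not Symfony source) of how the security
# component's voters and decision strategies treat a rule with two attributes.
GRANTED, ABSTAIN, DENIED = 1, 0, -1
RULE = ["IS_AUTHENTICATED_REMEMBERED", "ROLE_SCOPE_INTEGRATED"]  # from the ticket

def authenticated_voter(user, attrs):
    result = ABSTAIN
    for a in attrs:
        if a != "IS_AUTHENTICATED_REMEMBERED":
            continue  # not an attribute this voter supports
        if user["logged_in"]:
            return GRANTED
        result = DENIED
    return result

def role_voter(user, attrs):
    result = ABSTAIN
    for a in attrs:
        if not a.startswith("ROLE_"):
            continue  # not an attribute this voter supports
        if a in user["roles"]:
            return GRANTED
        result = DENIED
    return result

VOTERS = [authenticated_voter, role_voter]

def decide(user, attrs, strategy):
    if strategy == "affirmative":
        # Each voter sees the whole attribute list; one GRANTED is enough.
        votes = [v(user, attrs) for v in VOTERS]
        return GRANTED in votes
    if strategy == "unanimous":
        # Each attribute is voted on separately; any DENIED blocks access.
        votes = [v(user, [a]) for a in attrs for v in VOTERS]
        return DENIED not in votes and GRANTED in votes
    raise ValueError(strategy)

# Constructed users matching the ticket's test scenarios.
INTEGRATED_USER = {"logged_in": True, "roles": {"ROLE_USER", "ROLE_SCOPE_INTEGRATED"}}
WEBSITE_USER = {"logged_in": True, "roles": {"ROLE_USER"}}
ANONYMOUS = {"logged_in": False, "roles": set()}

def admin_access(strategy):
    users = {"integrated": INTEGRATED_USER, "website": WEBSITE_USER, "anonymous": ANONYMOUS}
    return {name: decide(u, RULE, strategy) for name, u in users.items()}

if __name__ == "__main__":
    for s in ("affirmative", "unanimous"):
        print(s, admin_access(s))
```

Under this model the two-role rule satisfies "website-scope user: should not work" only with the unanimous strategy, so the `access_decision_manager` strategy in the security configuration is worth checking when the change is deployed.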

              People

              • Assignee:
                Unassigned
                Reporter:
                marijn Marijn Otte
                Product owner:
                Marijn Otte
                Client:
                Integrated Marijn
                Developer:
                Ger Jan van den Bosch (Inactive)
                Code reviewer:
                Jeroen van Leeuwen
