add chat user roles and login

2026-05-11 11:33:03 +02:00
parent 3c5de0d8e6
commit 83ac6d600e
9 changed files with 312 additions and 71 deletions
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -11,11 +11,12 @@ security:

    firewalls:

-        # 🔐 Admin zuerst!
+        # Admin area: same user provider, separate /admin route space.
        admin:
            pattern: ^/admin
            lazy: true
            provider: app_user_provider
+            context: retriex_user_area

            form_login:
                login_path: admin_login
@@ -31,17 +32,49 @@ security:
                lifetime: 604800
                path: /admin

-        # 🌍 Alles andere ist public (Chat etc.)
+        # Chat area: same user provider, separate route space and role gate.
+        chat:
+            pattern: ^/(?:$|chat(?:/|$)|ask-jobs(?:/|$)|ask-sse(?:/|$)|history(?:/|$)|chat-messages/frontend$)
+            lazy: true
+            provider: app_user_provider
+            context: retriex_user_area
+
+            form_login:
+                login_path: chat_login
+                check_path: chat_login
+                default_target_path: chat_index
+
+            logout:
+                path: chat_logout
+                target: chat_login
+
+            remember_me:
+                secret: '%kernel.secret%'
+                lifetime: 604800
+                path: /
+
+        # Everything outside Admin and Chat remains public/static.
        main:
            pattern: ^/
            security: false

    role_hierarchy:
-        ROLE_SUPER_ADMIN: [ROLE_KNOWLEDGE_ADMIN, ROLE_EDITOR, ROLE_USER]
-        ROLE_KNOWLEDGE_ADMIN: [ROLE_EDITOR, ROLE_USER]
-        ROLE_EDITOR: [ROLE_USER]
+        ROLE_SUPER_ADMIN: [ROLE_KNOWLEDGE_ADMIN, ROLE_EDITOR, ROLE_ADMIN_AREA, ROLE_CHAT_USER, ROLE_USER]
+        ROLE_KNOWLEDGE_ADMIN: [ROLE_EDITOR, ROLE_ADMIN_AREA, ROLE_CHAT_USER, ROLE_USER]
+        ROLE_EDITOR: [ROLE_ADMIN_AREA, ROLE_CHAT_USER, ROLE_USER]
+        ROLE_ADMIN_AREA: [ROLE_USER]
+        ROLE_CHAT_USER: [ROLE_USER]

    access_control:
        - { path: ^/admin/login$, roles: PUBLIC_ACCESS }
        - { path: ^/admin/logout$, roles: PUBLIC_ACCESS }
-        - { path: ^/admin, roles: ROLE_USER }
+        - { path: ^/admin, roles: ROLE_ADMIN_AREA }
+
+        - { path: ^/chat/login$, roles: PUBLIC_ACCESS }
+        - { path: ^/chat/logout$, roles: PUBLIC_ACCESS }
+        - { path: ^/$, roles: ROLE_CHAT_USER }
+        - { path: ^/chat$, roles: ROLE_CHAT_USER }
+        - { path: ^/ask-jobs, roles: ROLE_CHAT_USER }
+        - { path: ^/ask-sse, roles: ROLE_CHAT_USER }
+        - { path: ^/history, roles: ROLE_CHAT_USER }
+        - { path: ^/chat-messages/frontend$, roles: ROLE_CHAT_USER }