security: password_hashers: App\Entity\User: algorithm: auto providers: app_user_provider: entity: class: App\Entity\User property: email firewalls: # Admin area: same user provider, separate /admin route space. admin: pattern: ^/admin lazy: true provider: app_user_provider user_checker: App\Security\ActiveUserChecker context: retriex_user_area form_login: login_path: admin_login check_path: admin_login default_target_path: admin_dashboard logout: path: admin_logout target: admin_login remember_me: secret: '%kernel.secret%' lifetime: 604800 path: /admin # Chat area: same user provider, separate route space and role gate. chat: pattern: ^/(?:$|chat(?:/|$)|ask-jobs(?:/|$)|ask-sse(?:/|$)|history(?:/|$)|chat-messages/frontend$) lazy: true provider: app_user_provider user_checker: App\Security\ActiveUserChecker context: retriex_user_area form_login: login_path: chat_login check_path: chat_login default_target_path: chat_index logout: path: chat_logout target: chat_login remember_me: secret: '%kernel.secret%' lifetime: 604800 path: / # Everything outside Admin and Chat remains public/static. main: pattern: ^/ security: false role_hierarchy: ROLE_SUPER_ADMIN: [ROLE_KNOWLEDGE_ADMIN, ROLE_EDITOR, ROLE_ADMIN_AREA, ROLE_CHAT_USER, ROLE_USER] ROLE_KNOWLEDGE_ADMIN: [ROLE_EDITOR, ROLE_ADMIN_AREA, ROLE_CHAT_USER, ROLE_USER] ROLE_EDITOR: [ROLE_ADMIN_AREA, ROLE_CHAT_USER, ROLE_USER] ROLE_ADMIN_AREA: [ROLE_USER] ROLE_CHAT_USER: [ROLE_USER] access_control: - { path: ^/admin/login$, roles: PUBLIC_ACCESS } - { path: ^/admin/logout$, roles: PUBLIC_ACCESS } - { path: ^/admin/users, roles: ROLE_SUPER_ADMIN } - { path: ^/admin, roles: ROLE_ADMIN_AREA } - { path: ^/chat/login$, roles: PUBLIC_ACCESS } - { path: ^/chat/logout$, roles: PUBLIC_ACCESS } - { path: ^/$, roles: ROLE_CHAT_USER } - { path: ^/chat$, roles: ROLE_CHAT_USER } - { path: ^/ask-jobs, roles: ROLE_CHAT_USER } - { path: ^/ask-sse, roles: ROLE_CHAT_USER } - { path: ^/history, roles: ROLE_CHAT_USER } - { path: ^/chat-messages/frontend$, roles: ROLE_CHAT_USER }