security:
    encoders:
        App\Entity\User: 
            id: app.password.encoder

    role_hierarchy:
        ROLE_USER_ACCUEIL:
        ROLE_USER_GUICHET:
        ROLE_GESTION:
        ROLE_ADMIN:
        ROLE_SUPER_ADMIN:
            - ROLE_ADMIN

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            pattern:   ^/
            anonymous: true
            provider:  main
            form_login:
                login_path: app_login
                check_path: app_login
                default_target_path: app_home
                use_referer: true
                csrf_parameter: _csrf_security_token
                csrf_token_id: a_private_string

            logout:
                invalidate_session: true
                path: app_logout
                target: app_home


    providers:
        main:
            entity:
                class: App\Entity\User
                property: username


    
    # ROLE_ADMIN = accède à tout
    # ROLE_VALIDATOR = accède aux validations de planning
    # ROLE_MASTER = accède à la gestion de client / projet / commande / tache
    # ROLE_USER = accède 
    # ROLE_VISITOR = accède à rien
    access_control:
        - { path: ^/user, roles: [ROLE_ADMIN, ROLE_MASTER, ROLE_STUDENT, ROLE_USER] }
        - { path: ^/master, roles: [ROLE_ADMIN, ROLE_MASTER] }
        - { path: ^/admin, roles: [ROLE_ADMIN] }