security:
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt

    role_hierarchy:
        # Ordinary users hierarchy.
        ROLE_SUBSCRIBER: []
        ROLE_MASTER_USER: [ ROLE_SUBSCRIBER ]

        # Admins hierarchy.
        ROLE_ADMIN: []
        ROLE_SUPER_ADMIN: [ ROLE_ADMIN ]

    providers:
        socialhose_user:
            id: authentication_bundle.user_provider

        socialhose_admin:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        registration:
            pattern: ^/security/registration
            stateless: true
            anonymous: true

        token_create:
            pattern: ^/security/token/create
            stateless: true
            anonymous: true
            socialhose_auth: ~

        token_refresh:
            pattern: ^/security/token/refresh
            stateless: true
            anonymous: true

        api:
            pattern: ^/api
            stateless: true
            provider: socialhose_user
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

        admin:
            pattern: ^/admin
            anonymous: ~
            provider: socialhose_admin
            form_login:
                login_path: admin_login
                check_path: admin_login_check
                target_path_parameter: admin_dashboard
                default_target_path: admin_dashboard
            logout:
                path:  admin_logging_out
                target: admin_login

    access_control:
        - { path: ^/security, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }