Symfony: un-secure a backend module for certain kinds of users. How?
Straight to the point -- I have a Symfony 1.3 / Propel 1.4 project. I have a module which is secured via is_secure: true in its own security.yml. I want this module to be accessible not only for super admins -- I am using the sfGuardPlugin symfony plugin. The module is located in the backend app.
I would like to make the module accessible to users who have any value of their type property. Regular users of the site have NULL in there, all of the rest have a value of some kind. When I change the security directive to is_secure: false (just to test it), I then go to /admin and do login with a user who has some type, I get properly redirected to /admin/purchases (the only non-secured backend module) but with security error message -- "You do not have access to show this page" or something along the lines.
Since I am not quite so familiar with sfGuardPlugin (and Symfony's security in general), I would like some help as to how do I do this, please.
See documentation about action security.
Use group permissions from sfGuardPlugin to automatically add credentials for users of your choice (see the extra documentation for sfGuardPlugin in order to understand how the plugin converts user groups and permissions into credentials).
If you don't want to rely on the security.yml credentials, you could also handle this inside an action:

    public function executeIndex($request)
    {
        // Deny by default: only members of the desired group may continue.
        if (!$this->getUser()->hasGroup('desired-group')) {
            // getUser() is a method call; the flash message is stored on the user object.
            $this->getUser()->setFlash('message', 'You do not have access to show this page');
            return $this->redirect('admin/purchases');
        }
        // more logic here
    }

If this works for more actions of your module, you could use the preExecute() method in case of DRY (don't repeat yourself…)
As long as you've got the right credentials for each user, in your backend module's security.yml file you can do this:

    all:
      credentials: [[admin, developer]]

Or you can do individual actions:

    requestView:
      credentials: [[supporter, admin, developer]]
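
Added example, not part of the answers above and not symfony's own code: a stand-alone PHP model of how symfony 1.x reads the bracket nesting of a security.yml credentials value. A flat list requires every credential and each further level of brackets alternates between "any" and "all", which is why [[admin, developer]] admits a user holding either one. The function name credentialsSatisfied, the flat contrast rule and the sample users are constructed for illustration.

```php
<?php
// Model of symfony 1.x credential matching (illustrative, not the framework's source).
// $required: a credential name, or a nested array as written in security.yml.
// $held:     credentials the logged-in user has (sfGuardPlugin derives these
//            from the user's groups and permissions).
// $useAnd:   true at the top level; flips at each level of nesting.
function credentialsSatisfied($required, array $held, $useAnd = true)
{
    if (!is_array($required)) {
        return in_array($required, $held, true);
    }
    foreach ($required as $item) {
        $ok = credentialsSatisfied($item, $held, !$useAnd);
        if ($useAnd && !$ok) {
            return false;   // AND level: one miss denies
        }
        if (!$useAnd && $ok) {
            return true;    // OR level: one hit grants
        }
    }
    // AND level with no misses grants; OR level with no hits denies.
    return $useAnd;
}

// Constructed rules: the first two mirror the security.yml snippets above,
// the third is a flat list added for contrast.
$rules = array(
    'all: [[admin, developer]]'                    => array(array('admin', 'developer')),
    'requestView: [[supporter, admin, developer]]' => array(array('supporter', 'admin', 'developer')),
    'flat: [admin, developer]'                     => array('admin', 'developer'),
);

// Constructed users and the credentials each one holds.
$users = array(
    'supporter only' => array('supporter'),
    'developer only' => array('developer'),
    'no credentials' => array(),
);

foreach ($rules as $label => $required) {
    foreach ($users as $who => $held) {
        $verdict = credentialsSatisfied($required, $held) ? 'allow' : 'deny';
        printf("%-46s %-15s %s\n", $label, $who, $verdict);
    }
}
```

Run it with the PHP command-line interpreter to see which constructed user each rule admits; the flat rule denies the developer-only user that the double-bracket rule lets in.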