Securing a whole Controller in Symfony with sfGuard?

I was looking at the documents for sfGuard and Symfony about security, but I cannot find anything about securing a whole Controller. There is only something called Action Security.

I tried to use the preExecute method to make a call to forward404Unless($this->getUser()->hasGroup('admin')) but it doesn't work.

Is it possible to use the security.yml and sfGuard to secure my actions in a controller? Or is there a practice for doing this in symfony? It will be a hassle to edit every single controller I have had to create custom security that might change in the future.

Thank you.


Well, symfony uses a cascading configuration schema, thus allowing you to configure all your project/app/module/action in a more reusable and practical way. The same thing happens with security: you can use the security.yml to define access restrictions.

If you create a security.yml in the app folder (that would be $sf_root/app_name/config/security.yml) and specify something like this:

default:
  is_secure: true

It will make all your app secure by default (users will have to be logged in), allowing you to overwrite when appropriate. Let's say the file module has an action "download" that needs administrator credentials, but all the other actions could be used by users having "common" and "administrator" credentials, so you will have to create a security.yml at $sf_root/apps/app_name/modules/file/config/ and define:

all:
  credentials: [[ common , administrator]]

download:
  credentials: [ administrator ]

For more info on security and advanced credentials, please check out the symfony page on Action Security.
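
The cascade and credential rules described in the answer above, as an added example that is not part of the original answer and not symfony's own code. It is a simplified stand-alone model: the function names resolveSecurity and canAccess, the sample users, and the per-key merge order are assumptions made for illustration, and it assumes that a flat credential list means "all of" while one extra level of brackets means "any of".

```php
<?php
// Simplified model of symfony 1.x security.yml resolution; not symfony's own code.
// Constructed sample data mirroring the two files in the answer above.
$appSecurity    = ['default' => ['is_secure' => true]];
$moduleSecurity = [
    'all'      => ['credentials' => [['common', 'administrator']]],
    'download' => ['credentials' => ['administrator']],
];

// Cascade: app-level default, then module "all", then the action's own entry.
function resolveSecurity(array $app, array $module, string $action): array
{
    return array_merge($app['default'] ?? [], $module['all'] ?? [], $module[$action] ?? []);
}

// A flat list requires every entry (AND); each nesting level flips AND/OR.
function hasCredential(array $held, $required, bool $useAnd = true): bool
{
    if (!is_array($required)) {
        return in_array($required, $held, true);
    }
    foreach ($required as $item) {
        $ok = hasCredential($held, $item, !$useAnd);
        if ($useAnd && !$ok) {
            return false; // one missing entry fails an AND group
        }
        if (!$useAnd && $ok) {
            return true;  // one matching entry satisfies an OR group
        }
    }
    return $useAnd; // AND: nothing failed; OR: nothing matched
}

function canAccess(array $rule, bool $authenticated, array $held): bool
{
    if (empty($rule['is_secure'])) {
        return true; // action is public
    }
    return $authenticated && hasCredential($held, $rule['credentials'] ?? []);
}

// Hypothetical users: name => [authenticated, credentials held].
$users = ['anon' => [false, []], 'bob' => [true, ['common']], 'root' => [true, ['administrator']]];
foreach (['index', 'download'] as $action) {
    $rule = resolveSecurity($appSecurity, $moduleSecurity, $action);
    foreach ($users as $name => [$auth, $held]) {
        printf("%-8s %-5s %s\n", $action, $name, canAccess($rule, $auth, $held) ? 'allow' : 'deny');
    }
}
```

Because the module file never sets is_secure, both actions inherit it from the app-level default, so the unauthenticated user is denied everywhere and only the holder of "administrator" reaches download.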


You can use security.yml like this:

all:
  credentials: [admin]

I'm not sure about it working with a group, though.
