symfony sfGuardUser hasCrendential live after update

I'm using symfony 1.4 and the sfGuardDoctrinePlugin, I've got it installed and setup fine but I have the following problem:

If I login as an admin and update the permissions for a user, that user must logout then login again before having the newly added credential/permission.

Is there a way around this?

I'm not sure how easy this would be to fix. When a user logs in I think their credentials are adde开发者_运维知识库d to their session attributes there and then. So when the admin updates their credentials their session still holds the old credentials. This means any call to hasCredential isn't "live".

Thanks

This would add extra queries to each and every request to your application. You could force update of the credentials by $user->getSfGuardUser()->refresh(true), which would reload the entity and all its relations (and thus its permissions).

Thanks for your answer, I've modified the processForm function of the sfGuardUser module's actions class.

If I login and change my own permissions, the session is updated there and then.

My problem is that if I edit the user permissions of another user, I would need to edit their session data. To solve this I enabled database sessions, so I now have sessions saving there instead of to file. So my next problem is how to isolate the session for the other user.

The sessions database has the following columns: sess_id, sess_data, sess_time.

sess_data is serialized and that is what I would need to update.

But I think symfony updates the session ids quite often and it would be hard to always isolate the correct session for the other user.

I think that it would also be slow to try and unserialize, check user_id then reserialize the data. I would need a user_id column I think.

I know this is an old question, but I recently had this same problem and it took me way longer than it should have to find the answer (which was posted in Symfony's code snippet section). Paste this function in your myUser class and all problems go away:

/**
   * Overridden method that actually reads the permission from DB
   * instead of relying on data present when the user logs in.
   *
   * @param  string  permission name
   *
   * @return boolean true if the user has credential
   */
  public function hasCredential($permission_name)
  {
    if (!$this->isAuthenticated()) {
      return false;
    }
    $gu = $this->getGuardUser();
    $groups = $gu->getGroups();
    $permissions = $gu->getPermissions();

    $permission_names = array();
    foreach($permissions as $permission) {
      $permission_names[] = $permission->getName();
    }
    foreach($groups as $group) {
      $group_permissions = $group->getPermissions();
      foreach($group_permissions as $group_permission) {
        $permission_names = array_merge($permission_names, array($group_permission->getName()));
      }
    }
    $permission_names = array_unique($permission_names);
    return (in_array($permission_name, $permission_names)) ? true : false;
    }