symfony credentials issue with sfDoctrineGuard 5.x
I am using sfDoctrineGuard 5.x and I have configured my module credentials in security.yml like this:
all:
  is_secure: true
  credentials: [ admin ]
and my app/backend/config/security.yml:
default:
  is_secure: true
I have tested using:
$this->getUser()->hasPermission('vendor'); // returned true
$this->getUser()->hasPermission('admin'); // returned false
So I guess the users are inheriting credentials right. But still, users with other credentials can access the module!
I have 3 types of group (admin, client and vendor) and similar permissions: admin, client and vendor!
And users having 'client' or 'vendor' credentials can access the module after login, ignoring the credentials defined in security.yml!
What could be the problem? Can anyone give me some direction?
Oh, I am using sfForkedApplyPlugin for the registration and profile editing process, which I don't think is causing the issue, as I am testing with predefined fixture data.
I figured out the problem just now! It was the *is_super_admin* field in the *sf_guard_user* table, which was set to 1 for all my dummy users in fixture.yml :) ! That's why all users were getting access to all modules, bypassing the credentials!
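The answer's finding can be turned into a check on fixture data before it is loaded. This is an added example, not code from the post or from sfDoctrineGuard: it lists fixture users whose is_super_admin flag is set, assuming the usual indented sfGuardUser layout, a minimal line-based reader rather than a full YAML parser, and constructed sample names.

```python
# Constructed sample in the layout of an sfDoctrineGuard fixture file; all names are made up.
SAMPLE_FIXTURE = """\
sfGuardUser:
  admin_user:
    username: admin
    is_super_admin: true
  vendor_user:
    username: vendor1
    is_super_admin: 1
    Groups: [vendor_group]
  client_user:
    username: client1
    is_super_admin: false
"""

# Values read as "flag not set"; anything else is reported (an audit may over-report).
FALSY = {"", "0", "false", "no", "off", "~", "null"}


def super_admins(fixture_text, model="sfGuardUser"):
    """Return {record_key: username} for fixture users whose is_super_admin is set."""
    found, in_model, rec_indent, record, fields = {}, False, None, None, {}

    def flush():
        flag = fields.get("is_super_admin", "").lower()
        if record is not None and flag not in FALSY:
            found[record] = fields.get("username", record)

    for raw in fixture_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("'\"")
        if indent == 0:                  # new top-level model section
            flush()
            in_model, rec_indent, record, fields = key == model, None, None, {}
        elif in_model:
            if rec_indent is None:
                rec_indent = indent      # first indented line fixes the record level
            if indent == rec_indent:     # a new user record starts
                flush()
                record, fields = key, {}
            else:
                fields[key] = value
    flush()
    return found

print(super_admins(SAMPLE_FIXTURE))
```

Any user it reports will pass every credentials check in security.yml, so only real administrator accounts should appear in the output.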