I know mate. The problem is the logged user can't have access to a specific module if he don't have the Credential 6, but he is having access to it, even without the Credential 6.
On 25 Mar, 10:31, Sid Bachtiar <sid.bacht...@gmail.com> wrote: > Another thing... > > I think you confuse authentication and credential. > > is_secure is only checking whether the user has logged in or not > (authentication), it doesn't check the credentials. > > A user can still logged in (authenticated) without having any credential. > > > > On Thu, Mar 25, 2010 at 11:26 PM, Sid Bachtiar <sid.bacht...@gmail.com> wrote: > > Your security.yml needs to specify the required credentials, for example: > > > default: > > is_secure: on > > credentials: admin > > > Then don't forget to clear cache > > > On Thu, Mar 25, 2010 at 11:24 PM, wueb <webmaster....@gmail.com> wrote: > >> Hey > > >> I have credentials for each module i build. > > >> For example: > > >> # Module abc have the security.yml: > >> all: > >> credentials: 6 > > >> But i can access my module abc even without the credential 6. > > >> The results of the hasCredential are strange too, because i always get > >> 1 from them, even if i remove the credential. Example: > > >> $this->addCredential("xpto"); > >> echo $this->hasCredential("xpto"); // prints 1 > >> $this->removeCredential("xpto"); > >> echo $this->hasCredential("xpto"); // prints 1 > > >> What is happening? > > >> PS: My default security.yml have: > > >> default: > >> is_secure: true > > >> -- > >> If you want to report a vulnerability issue on symfony, please send it to > >> security at symfony-project.com > > >> You received this message because you are subscribed to the Google > >> Groups "symfony users" group. > >> To post to this group, send email to symfony-users@googlegroups.com > >> To unsubscribe from this group, send email to > >> symfony-users+unsubscr...@googlegroups.com > >> For more options, visit this group at > >>http://groups.google.com/group/symfony-users?hl=en > > >> To unsubscribe from this group, send email to > >> symfony-users+unsubscribegooglegroups.com or reply to this email with the > >> words "REMOVE ME" as the subject. > > > -- > > Blue Horn Ltd - System Development > >http://bluehorn.co.nz > > -- > Blue Horn Ltd - System Developmenthttp://bluehorn.co.nz -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en To unsubscribe from this group, send email to symfony-users+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.