Hi,
sfGuardPermission in symfony+doctrine (via sfDoctrineGuardPlugin) is used to
manage credentials per module-action against an user.
Let say you have an object action named "edit" (object action != module
action), you'll have a module action named executeEdit, here you can't put
in security.yml all credentials for all permissions for all object actions,
you'll have to do the check in the action's code (think of preExecute for
example, or adding an action to your very own sfActions class and call it
wherever it is needed -best way though for me).
I have "finished" (it does what I want, but not exactly the way I want), but
I can't release the code as it is part of a project at work. Need to talk to
my n+1 about this. Sorry.
Anyway I can give you advices on how to do this.
Create a Doctrine_Template (name it as you want)(look at doctrine doc for
how to do)
A Doctrine_Template gives you opportunity to add a listener (thus I don't
know if a behavior is the thing to use or a simple listener...anyway...).
In this listener you'll code the postInsert method to create a
sfGuardPermission named like like %s/%d/%s for
$objectClass/$objectId/$objectAction (you can put this as a behavior
property, see schema above). Don't forget do delete permission on
postDelete.
You'll need a (static ?) method to compute the name of the permission for an
object action (used in action to check for credential, the permission name
is needed).
Then add the check code in your action.
The best thing I came off is about creating a sfDoctrineModule theme which
will have intelligence about all of this (seeing object action as a subclass
of module action, conceptually speaking).
Schema example (I think there is a propel behavior permissionable also, you
could take a look at it)
myClass:
actAs:
Permissionable:
permission_pattern: %s/%d/%s
actions:
edit: ~ #this will create a sfGuardPermission named
myClass/$id/edit, you'll be able to manage it in the sfGuard* modules.
...
Cheers,
Before Printing, Think about Your Environmental Responsibility!
Avant d'Imprimer, Pensez à Votre Responsabilitée Environnementale!
On Wed, Apr 7, 2010 at 1:27 PM, Tofuwarrior <psbur...@googlemail.com> wrote:
> Hi,
>
> I have only just got down to looking this, have you had any progress?
>
> I have written permissions systems fine in the past but not sure of
> the best way of doing the checking in symfony and making best use of
> sfGuard or something.
>
> I've done full object, action, group, user permissions in the past,
> but it seems like symfony should do a lot of this stuff for us.
>
> Cheers,
>
> Paul
>
> On Feb 16, 3:07 pm, Stéphane <stephane.er...@gmail.com> wrote:
> > Hi,
> >
> > http://pastebin.com/m1508fa42
> >
> > This is "by-object" basis without taking care of "inheritance" (thus
> > inferencing isn't coded).
> > If you do so, I would really enjoy seeing the code ;-)
> >
> > Cheers,
> >
> > Before Printing, Think about Your Environmental Responsibility!
> > Avant d'Imprimer, Pensez à Votre Responsabilitée Environnementale!
> >
> > On Mon, Feb 15, 2010 at 5:32 PM, Tofuwarrior <psbur...@googlemail.com
> >wrote:
> >
> > > Hi all,
> >
> > > I am pretty new to symfony and would be grateful for anyones advice.
> > > I'm trying to work out how to implement an object ownership
> > > permissions system.
> >
> > > sfGuard seems to do everything except allow me to assign permissions
> > > per object.
> >
> > > ie: joe bloggs can edit documents, 1,2 & 4 but (by infererence) not 3
> > > and 5.
> >
> > > Is this kind of thing possible or do I need to code my own permissions
> > > system. Seems like something people would want, am I thinking the
> > > wrong way about this?
> >
> > > Thanks,
> >
> > > Paul
> >
> > > --
> > > You received this message because you are subscribed to the Google
> Groups
> > > "symfony users" group.
> > > To post to this group, send email to symfony-us...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > > symfony-users+unsubscr...@googlegroups.com<symfony-users%2bunsubscr...@googlegroups.com>
> <symfony-users%2bunsubscr...@googlegroups.com<symfony-users%252bunsubscr...@googlegroups.com>
> >
> > > .
> > > For more options, visit this group at
> > >http://groups.google.com/group/symfony-users?hl=en.
>
> --
> If you want to report a vulnerability issue on symfony, please send it to
> security at symfony-project.com
>
> You received this message because you are subscribed to the Google
> Groups "symfony users" group.
> To post to this group, send email to symfony-users@googlegroups.com
> To unsubscribe from this group, send email to
> symfony-users+unsubscr...@googlegroups.com<symfony-users%2bunsubscr...@googlegroups.com>
> For more options, visit this group at
> http://groups.google.com/group/symfony-users?hl=en
>
> To unsubscribe, reply using "remove me" as the subject.
>
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
