Hello, i just want to bring my gist up here so it doesnt get lost on twitter. Regarding slide 104 i think maybe an extension of the following kind would be interesting:
https://gist.github.com/7c2b4f04760798d3b899 greetings, Benjamin On Sat, 2010-10-09 at 19:40 +0200, Fabien Potencier wrote: > On 10/9/10 5:49 PM, Jordi Boggiano wrote: > > Heya, > > > > Sadly I couldn't attend sfday, but I just read the slides, and I have a > > question regarding the Security/Firewall thingy. > > > > Why are all the patterns defined on urls? Why not using routes (as we do > > in templates to reference URLs)? Can't we define security on a > > per-controller/action basis rather than trying to pinpoint URLs? > > The access control rules choice is based on a RequestMatcher object. If > you have a look at the slide, you will see an example on the controller > class name, one on the IP address, ... So, this is quite flexible. > > > I guess we'll be able to access the user's role from the controller to > > assess more fine-grained rights, like the guy can edit an article, but > > not that last field of the form. > > Yes > > $this['security.context']->getUser()->getRoles(); > > > I also guess a user can have multiple roles, if not I think this should > > be adjusted. > > Yes, multiple roles are possible: roles="ROLE_USER,ROLE_REMOTE" > > And the roles are hierarchically stored. > > Fabien > > > Cheers > > > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
