Hi,

first of all I have to say the new security layer looks great. I just
had a look at the code and the docs.

I'm comparing it a bit with sf 1.x trying to understand how things
work and how I can build a bundle on top of it.

I wonder why you called this thing "role"? I understand that
"credential" was not that good a choice in sf 1.x but to me this is more
like "permission" or "right" to do something (most of the time some
action). So I think it would be better to call this permission or
right. To me "role" is what you also used in the docs: an admin or a
content editor or something like that, but to me a role in this case
is a "small summary" what a user can do or in other words a group of
some rights to work on a part of the application.

Also, I think it would be useful to have a way to define these roles
something in a configuration file so a user+permission system can
easily load all available roles of all bundles into the database. Of
course this could be part of such a bundle but I think it would make
sense to have a Symfony2 default to *define* possible roles.

On the other side I read somewhere "credential" and I suppose this is
now the password of a user?

Also, "username" is also a bit confusing as this is not always the
username but can be an email address or customer number or whatever, so
maybe a better name for this could be "handle" or "auth_handle" or
something like that?

Ok.. I guess for "all the rest" of my current questions I can only
find the answers by implementing a user bundle on top of Symfony2. For
example I would probably want to implement the form login and logout
completely by myself to add things like IP/username blocking for too
many failed tries and so on. Might not be my last posting about that
topic.. ;-)

regards,
Matthias

