I am actually for renaming Username to handle instead, as Username would almost always be a part of the user model and I think most applications would allow logging in with an email as well. A handle could also be an OpenID token in some cases, maybe?

On Oct 20, 5:20 pm, Fabien Potencier <fabien.potenc...@symfony-project.com> wrote:
> On 10/20/10 5:06 PM, Matthias Nothhaft wrote:
>
> > Hi,
> >
> > first of all I have to say the new security layer looks great. I just
> > had a look at the code and the docs.
>
> Thanks for taking the time to review the code and thanks for the
> feedback. This is much appreciated. Quick answers below.
>
> > I'm comparing it a bit with sf 1.x trying to understand how things
> > work and how I can build a bundle on top of it.
> >
> > I wonder why you called this thing "role"? I understand that
> > "credential" was not that good a choice in sf 1.x but to me this is more
> > like "permission" or "right" to do something (most of the time some
> > action). So I think it would be better to call this permission or
> > right. To me "role" is what you also used in the docs: an admin or a
> > content editor or something like that, but to me a role in this case
> > is a "small summary" of what a user can do or in other words a group of
> > some rights to work on a part of the application.
>
> Role is different than a permission. The documentation does not reflect
> that yet, but if you have a look at the code, you can see that the
> switch user feature is implemented as a role for instance.
>
> > Also, I think it would be useful to have a way to define these roles
> > something in a configuration file so a user+permission system can
> > easily load all available roles of all bundles into the database. Of
> > course this could be part of such a bundle but I think it would make
> > sense to have a Symfony2 default to *define* possible roles.
>
> We will have an ACL system in Symfony2. This is just something that is
> not done yet.
>
> > On the other side I read somewhere "credential" and I suppose this is
> > now the password of a user?
>
> Yes, the password or something else. But most of the time, for most
> websites, this is the password.
>
> > Also, "username" is also a bit confusing as this is not always the
> > username but can be an email address or customer number or whatever, so
> > maybe a better name for this could be "handle" or "auth_handle" or
> > something like that?
>
> Like for the password, most of the time, the "username" is well, the
> username. In Spring, this is called the "principal" instead. I chose to
> use "username" as it is probably what developers expect.
>
> > Ok.. I guess for "all the rest" of my current questions I can only
> > find the answers by implementing a user bundle on top of Symfony2. For
> > example I would probably want to implement the form login and logout
> > completely by myself to add things like IP/username blocking for too
> > many failed tries and so on. Might not be my last posting about that
> > topic.. ;-)
>
> Keep them coming. The component is very young and I'm sure we can
> enhance it a lot before the final release.
>
> Fabien
>
> > regards,
> > Matthias
