Hi

Using the user in a template with anonymous authentication is a bit problematic with the way it is implemented currently: if the user is authenticated, app.user will be an object, and it will be a string otherwise. This makes it impossible to use a method of the object without testing each time if the user is fully authenticated.

Thus I don't know how the Security component handles the vote, but it seems inefficient to vote for the IS_FULLY_AUTHENTICATED role several times in the template just because of this. The easy solution for this would be to add a boolean parameter app.authenticated with this result to vote only once for this. But it does not solve the problem of requiring a test each time we need to access a property of the user. So maybe the way anonymous users are handled should be changed.

What is your feeling about that?

Regards

--
Christophe | Stof

--
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
