I'm using authorization [1] with multiple access_control entries to (bottom of [2]). Between two different entries, I'd like to employ varying strategies when deciding on the entry's roles. Consider:
- /admin/page/edit - user should have both ROLE_EDITOR and ROLE_ADMIN - /page/history - user must have at least one of ROLE_EDITOR or ROLE_ADMIN I realize the URL's and role names might not make sense, but it's difficult to come up with a practical example at the moment :) Currently, there is a single AccessDecisionManager service shared between all of the security component. This service is configured with a single strategy (currently not through config - it's a DIC parameter). Does anyone have a reasonable use case for why they might need to employ a different voting strategy (one of decideAffirmative, decideConsensus, decideUnanimous) on demand? If I wasn't working with AccessListener and in a controller/template, I suppose I would just use boolean logic with votes on single roles at a time. In IRC, Johannes suggested creating a custom voter that decides how to vote based on an attribute, which are extra parameters for AccessDecisionManager::decide(), which I can provide in the access_control configs. Even if that is just a working fix for now, I feel that allowing only a single strategy for the entire application seems like an artificial limitation - alternatively, I would prefer setting a default and allowing strategy selection as-needed. Thoughts? [1] http://docs.symfony-reloaded.org/master/guides/security/authorization.html [2] http://docs.symfony-reloaded.org/master/guides/security/config_reference.html -- jeremy mikola -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
