I quite like simplification when things must be done the right way. However, security is the starting point of any important logic, and routing is one of them.
What I have done here: https://github.com/sonata-project/SonataPageBundle/compare/master...cmf-routing-chain#L4R91 is pretty bad and defeats the firewall logic. The same goes for handling the 404 page. We are providing a way of creating a page on a non-existent URL for editors only; as the security component is not loaded, the same issue occurs. I might be missing a point about redirection with the Security Component. But the configuration definition does not use any information from the router. So the router should not be used for generating redirected URLs.

On Fri, Sep 14, 2012 at 11:06 PM, Fabien Potencier <fabien.potenc...@symfony-project.com> wrote:

> On 9/14/12 9:11 PM, Lukas Kahwe Smith wrote:
>
>> On Sep 11, 2012, at 2:33 PM, Thomas Rabaix <thomas.rab...@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> Context:
>>> I am currently implementing the CMF Router Chain for the Sonata Page
>>> Bundle. The router chain allows cascading route matching and generation
>>> to different routers. Now, in the SonataPageBundle, we have 2 types of
>>> entity bound to 1 URL:
>>> • a page: a version of the actual page managed by an editor
>>> • a snapshot: a locked version of a page viewed by standard users
>>> The CmsRouter (https://gist.github.com/3693051)
>>> uses the security component to retrieve the correct cms manager (page or
>>> snapshot) depending on the current user's roles.
>>>
>>> Question:
>>>
>>> The code does not work as the security.context's token is set after the
>>> router dispatcher event. Is there any reason why the security event is
>>> dispatched after the router event?
>>> The only solution for now is to use a session attribute, which is
>>> against the roles associated to a token. This might work in 99% of use
>>> cases but still an issue remains.
>>
>> I agree we should sort this out.
>> Maybe a first step would be creating a PR to change the order and see
>> what tests fail if any ..
>> then we could make a call for people to test the PR that have done
>> Bundles that might be problematic and see from there?
>
> I've talked with Thomas tonight and I explained why I changed the order.
> There are many reasons for the change but I think the most important ones
> are: simplification over what we had in 2.0 and the possibility for the
> security to redirect.
>
> Fabien
>
>> regards,
>> Lukas
>
> --
> If you want to report a vulnerability issue on symfony, please send it to
> security at symfony-project.com
>
> You received this message because you are subscribed to the Google
> Groups "symfony developers" group.
> To post to this group, send email to symfony-devs@googlegroups.com
> To unsubscribe from this group, send email to
> symfony-devs+unsubscribe@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/symfony-devs?hl=en

--
Thomas Rabaix
http://rabaix.net | http://sonata-project.org