symfony, sfGuardPlugin and security.yml
I’ve been playing with symfony lately, and installed the sfGuard plugin to get better control over groups and users. After the usual problems, whose solutions are easy to find with Google, one issue remained unsolved for a while, even though the solution was simple and straightforward:
Each module in your application can be protected through the use of the security.yml files. In the top-level security.yml file, I included the following (it was a backend application, so access should be restricted, when in doubt):
    default:
      is_secure: on
Now, if you want to protect a module, apparently, it doesn’t work to include this in your main config:
    default:
      is_secure: on
    module1:
      credentials: admin
However, when including this in your module1/config/security.yml file, it works (the ‘all’ concerns the actions within this module):
    all:
      is_secure: on
      credentials: admin

I assume the ‘is_secure: on’ might be omitted, as the default is set to on. It somehow bothers me that it is not possible to include this in the application-level security file, covering all the modules’ actions at once.
Four important notes when you encounter problems:
- The names listed as the credentials are the names you’ve given to your permissions! Seems logical, but try not to change them too much, as you might break access to certain parts of your site.
- The permissions assigned to the groups are granted to the users, and the permissions listed below the users are added when checked.
- When you change your own credentials, make sure to log out and log in again!
- And finally, control the access to the plugin modules sfGuardUsers, sfGuardGroups and sfGuardPermissions the same way as other modules, by changing the plugins/sfGuardPlugin/modules/…/config/security.yml files. Don’t change the access to the sfGuardAuth module, as it needs to be accessible by anyone to be able to log in (see picture).
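The checks described above can be run over a project's security.yml files before deployment. The following is an added example, not code from the original post or from sfGuardPlugin: the function names `parse` and `audit` are hypothetical, the sample files are constructed, and the cascade (application `default`, then module `all`, then a named action) is an assumption based on the behaviour the post describes.

```python
# Added example, not from the post. Parses only the two-level
# "section: / key: value" subset of security.yml shown on this page.
def parse(text):
    cfg, section = {}, None
    for raw in (text or "").splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        key, _, value = (part.strip() for part in line.partition(":"))
        if not line[0].isspace():            # top-level section: default, all, <action>
            section = cfg.setdefault(key, {})
        elif section is not None:
            flags = {"on": True, "true": True, "off": False, "false": False}
            section[key] = flags.get(value.lower(), value)
    return cfg

def audit(app_yml, module_ymls):
    """Return (findings, effective 'all' rules per module)."""
    app, findings, effective = parse(app_yml), [], {}
    # Pitfall from the post: module sections in the application file are ignored.
    for name in app:
        if name not in ("default", "all"):
            findings.append(f"app security.yml: section '{name}' has no effect; "
                            f"move it to {name}/config/security.yml")
    for module, text in module_ymls.items():
        cfg = parse(text)
        # Assumed cascade: application default < module 'all' < named action.
        rules = {**app.get("default", {}), **cfg.get("all", {})}
        effective[module] = rules
        opened = [a for a, r in cfg.items()
                  if a != "all" and {**rules, **r}.get("is_secure") is False]
        if module == "sfGuardAuth":
            if rules.get("is_secure") and not opened:
                findings.append("sfGuardAuth: every action needs a login, "
                                "so the sign-in form is unreachable")
        elif not rules.get("is_secure"):
            findings.append(f"{module}: not secured")
        elif not rules.get("credentials"):
            findings.append(f"{module}: open to any logged-in user")
    return findings, effective

# Constructed sample: the application file from the post plus three modules.
APP_YML = "default:\n  is_secure: on\nmodule1:\n  credentials: admin\n"
MODULES = {
    "module1": None,  # no module-level security.yml yet
    "sfGuardGroups": "all:\n  is_secure: on\n  credentials: admin\n",
    "sfGuardAuth": "all:\n  is_secure: off\n",
}

if __name__ == "__main__":
    for finding in audit(APP_YML, MODULES)[0]:
        print(finding)
```

On the constructed sample this reports the ignored `module1` section in the application file and, as a consequence, that module1 is reachable by any logged-in user rather than only by holders of the admin credential.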
Tags: framework, php, sfguard, sfguardplugin, symfony
December 20th, 2007 at 07:57
Good article, helped me a lot.
Thanks, Frank
December 24th, 2007 at 02:03
Thanks for the article. It’s been really helpful. Trying to implement sfGuardPlugin myself at the moment.
Regards, Ben
April 1st, 2008 at 05:57
Thanks – I couldn’t quite get the module/action level security thing going. This is exactly what I needed to see.
September 19th, 2008 at 05:31
Thanks for a good overview on using sfGuard’s Permissions capabilities. Have been trying to get a handle on how to use the permissions for a while now and this really sped things up.
October 8th, 2008 at 05:37
WOW!! It really impresses!!! THANX A LOT, Man!))))))
October 25th, 2008 at 08:58
Thanks !!!
June 1st, 2009 at 02:55
Hello, I am just beginning with symfony. I am intrigued by your screenshot: I can’t manage to get your group / permission part. Do you use the admin generator? Thank you in advance for your answer.
June 8th, 2009 at 07:57
Hello,
What version of symfony and propel have you used in this example? How did you create admin_double_list for “Groups” by sfPropelGenerator?
Thanks a lot
July 1st, 2009 at 06:48
Hi,
If I want to implement security credentials for my “article” module, and if I want to restrict it to “association” and “editor” users only, I’ll have to create a permission called “article”, and to grant it to my users. Isn’t that right?
My credentials will become:
credentials : article
And if I create a group called “editor” and grant it the “article” permission, will it work?
Thanks for your answers