Archive

Posts Tagged ‘symfony’

Symfony sfGuard - Setting up users,groups,permissions

January 11th, 2009

sfGuard is a Symfony plugin that implements a user management and login system for an application. It supports both groups and individual users… and it saves you from having to ‘roll your own’ user administration system. This guide assumes you have followed the steps given in the readme and that you now want to begin setting up users/permissions etc.

1. Create links in the backend menu to the user/group/permissions tables.

Edit apps/backend/templates/layout.php and add these items to the menu.

1
2
3
<li><?php echo link_to('Users', '@sf_guard_user') ?></li>
<li><?php echo link_to('Groups', '@sf_guard_group') ?></li>
<li><?php echo link_to('Permissions', '@sf_guard_permission') ?></li>

2. Create a login/logout link on the frontend.

Edit apps/frontend/templates/layout.php and add these items to the menu. (Notice the use of $sf_user in the templates.)

1
2
3
4
5
<?php if($sf_user->isAuthenticated()): ?>
   <ul><li><?php echo link_to('Logout', '/logout') ?></li></ul>
<?php else: ?>
   <ul><li><?php echo link_to('Login', '/login') ?></li></ul>
<?php endif; ?>

3. Create some users, groups, permissions

for us to play with using the backend. Create user->basicUser, group->basicGroup, permission->basicPermission. I will be using a basic setup where users always belong to a group and the group has permissions. I will not assigning permissions to individual users. therefore give basicGroup the basicPermission. and you will have something similar to this:

sfGuard user

sfGuard user

4. Restricting access to certain modules/actions

Similar to how I never set individual permissions for one user I make it standard that I only ever set permissions using credentials. ie. In the application I never restrict security dependent on user or group id only on permission/credentials. This allows greater flexibility in the future. Note sfGuard gets confusing to some people because many documents talk about credentials, well basically credentials are what is called in sfGuard permissions.

If we have a module called “question”, inside of apps/frontend/modules/question we create a config folder and a new security.yml. Inside of apps/frontend/modules/question/config/security.yml we would have

1
2
3
all:
    is_secure: on
    credentials: basicPermission

To set permissions on an action level we would have something similar to the following:

1
2
3
4
5
6
7
8
9
10
all:
    is_secure: on
    credentials: basicPermission
 
index:
    is_secure: off
 
new:
    is_secure: on
    credentials: basicPermission

Part 2 will detail setting up user registration

web development ,