Symfony sfGuard - Setting up users, groups, permissions

January 11th, 2009

sfGuard is a Symfony plugin that implements user management and login for an application. It supports both groups and individual users, and it saves you from having to ‘roll your own’ user administration system. This guide assumes you have followed the steps given in the readme and that you now want to begin setting up users, groups and permissions.

1. Create links in the backend menu to the user/group/permissions tables.

Edit apps/backend/templates/layout.php and add these items to the menu.

    <li><?php echo link_to('Users', '@sf_guard_user') ?></li>
    <li><?php echo link_to('Groups', '@sf_guard_group') ?></li>
    <li><?php echo link_to('Permissions', '@sf_guard_permission') ?></li>

2. Create a login/logout link on the frontend.

Edit apps/frontend/templates/layout.php and add these items to the menu. (Notice the use of $sf_user in the templates.)

    <?php if ($sf_user->isAuthenticated()): ?>
       <ul><li><?php echo link_to('Logout', '/logout') ?></li></ul>
    <?php else: ?>
       <ul><li><?php echo link_to('Login', '/login') ?></li></ul>
    <?php endif; ?>

3. Create some users, groups and permissions for us to play with, using the backend.

Create user->basicUser, group->basicGroup, permission->basicPermission. I will be using a basic setup where users always belong to a group and the group has permissions; I will not be assigning permissions to individual users. Therefore give basicGroup the basicPermission, and you will have something similar to this:

[Screenshots: sfGuard user]

4. Restricting access to certain modules/actions

Just as I never set permissions on an individual user, I make it standard to restrict access only by credentials. That is, in the application I never make a security decision based on a user or group id, only on permissions/credentials. This allows greater flexibility in the future. Note that sfGuard confuses some people because many documents talk about credentials; what those documents call credentials are simply what sfGuard calls permissions.

If we have a module called “question”, inside of apps/frontend/modules/question we create a config folder and a new security.yml. Inside of apps/frontend/modules/question/config/security.yml we would have:

    all:
      is_secure: on
      credentials: basicPermission

To set permissions on an action level we would have something similar to the following:

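    all:
      is_secure: on
      credentials: basicPermission
    index:    # example action name, not from the original page
      is_secure: off
    edit:     # example action name, not from the original page
      is_secure: on
      credentials: basicPermission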
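
A quick way to check what a module's security.yml actually enforces, as an added example that is not part of the original post or of sfGuard. It assumes the two-level layout shown above, single-string credentials, an application default of is_secure: off, and hypothetical action names index and edit; the sample files are constructed.

```python
# Added example: lint and resolve a symfony 1.x module security.yml.
KNOWN_KEYS = {"is_secure", "credentials"}   # keys this sketch accepts
TRUE_WORDS = {"on", "true", "yes"}

def parse_security_yml(text):
    """Parse 'section:' / '  key: value' lines; return (sections, warnings)."""
    sections, warnings, current = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        key, _, value = (part.strip() for part in line.partition(":"))
        top_level = not line[0].isspace()
        if top_level and not value:            # "all:" or "<action>:"
            current = sections.setdefault(key, {})
        elif top_level or current is None:
            warnings.append(f"line {n}: '{key}' is not inside a section")
        elif key not in KNOWN_KEYS:
            warnings.append(f"line {n}: unknown key '{key}'")
        else:
            current[key] = value
    return sections, warnings

def effective(sections, action):
    """Settings under an action name override the module-wide 'all' section."""
    merged = {**sections.get("all", {}), **sections.get(action, {})}
    # Assumption: the application-level default is is_secure: off.
    secure = merged.get("is_secure", "off").lower() in TRUE_WORDS
    return secure, (merged.get("credentials") if secure else None)

# Constructed samples; 'index' and 'edit' are hypothetical action names.
GOOD = """all:
  is_secure: on
  credentials: basicPermission
index:
  is_secure: off
"""
MISSPELLED = """all:
  issecure: on
  credential: basicPermission
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("MISSPELLED", MISSPELLED)):
        sections, warnings = parse_security_yml(text)
        print(name, effective(sections, "edit"), warnings)
```

A module whose file resolves to (False, None) for an action you meant to protect is open to every visitor, so the warnings are worth reading before deploying.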

Part 2 will detail setting up user registration.

  1. Furqon
    January 21st, 2009 at 02:47 | #1

    Thank you..

    Your article is saving my day..
    and I'm waiting for your second release..

  2. Joerg
    January 21st, 2009 at 10:13 | #2

    Wow … nice one! Short and nearly perfect ;)

  3. jaieesh
    March 10th, 2009 at 07:21 | #3

    Hey, wonderful article. Just have a few issues. Please help..

    1. I set up sfguard and created a basicuser, basicpermission and basicgroup and gave the user basicpermission using the GUI.

    2. Then I added to a particular module in my project a config folder and a settings.yml and added issecure:on and credential:basicpermission.

    Now, I have two users one say vishal and other basicuser. I want only the basicuser who has the credential basicpermission to access the module.

    But both are able to access the module without any problems.

    Kindly guide me. I also did the following in my action:
    execute some code
    But that also didn't work…..

    Please guide me……………………

  4. March 20th, 2009 at 12:14 | #4

    First I suggest you clear your cache, that solves half the “bugs” I have.
    Then check whether an unregistered user can access the page, to check the effect of issecure.

  5. Duncan Jauncey
    April 30th, 2009 at 11:45 | #5

    Excellent hints, thank you. When will part 2 be available? :-)

  6. rafal
    May 12th, 2009 at 12:11 | #6

    Very nice article. For a few days I have been fighting with user registration in symfony, but without success.. Please, where can I find part 2 of your article about my problem??

  7. May 15th, 2010 at 13:39 | #7

    There is another very useful post at http://trac.symfony-project.org/wiki/sfGuardPluginExtraDocumentation... I setup a test implementation for sfDoctrineGuard here as well: http://tech.cibul.org/a-really-simple-sfguard-with-user-profile-setup/

  8. January 17th, 2011 at 18:31 | #8

    That's what I need. Thanks a lot…

  9. December 3rd, 2011 at 14:27 | #9

    Thanks, you wrote what I need.