Symfony sfGuard - Setting up users,groups,permissions
sfGuard is a Symfony plugin that implements a user management and login system for an application. It supports both groups and individual users… and it saves you from having to ‘roll your own’ user administration system. This guide assumes you have followed the steps given in the readme and that you now want to begin setting up users/permissions etc.
1. Create links in the backend menu to the user/group/permissions tables.
Edit apps/backend/templates/layout.php and add these items to the menu.
1 2 3 | <li><?php echo link_to('Users', '@sf_guard_user') ?></li> <li><?php echo link_to('Groups', '@sf_guard_group') ?></li> <li><?php echo link_to('Permissions', '@sf_guard_permission') ?></li> |
2. Create a login/logout link on the frontend.
Edit apps/frontend/templates/layout.php and add these items to the menu. (Notice the use of $sf_user in the templates.)
1 2 3 4 5 | <?php if($sf_user->isAuthenticated()): ?> <ul><li><?php echo link_to('Logout', '/logout') ?></li></ul> <?php else: ?> <ul><li><?php echo link_to('Login', '/login') ?></li></ul> <?php endif; ?> |
3. Create some users, groups, permissions
for us to play with using the backend. Create user->basicUser, group->basicGroup, permission->basicPermission. I will be using a basic setup where users always belong to a group and the group has permissions. I will not assigning permissions to individual users. therefore give basicGroup the basicPermission. and you will have something similar to this:
sfGuard user
4. Restricting access to certain modules/actions
Similar to how I never set individual permissions for one user I make it standard that I only ever set permissions using credentials. ie. In the application I never restrict security dependent on user or group id only on permission/credentials. This allows greater flexibility in the future. Note sfGuard gets confusing to some people because many documents talk about credentials, well basically credentials are what is called in sfGuard permissions.
If we have a module called “question”, inside of apps/frontend/modules/question we create a config folder and a new security.yml. Inside of apps/frontend/modules/question/config/security.yml we would have
1 2 3 | all:
is_secure: on
credentials: basicPermission |
To set permissions on an action level we would have something similar to the following:
1 2 3 4 5 6 7 8 9 10 | all:
is_secure: on
credentials: basicPermission
index:
is_secure: off
new:
is_secure: on
credentials: basicPermission |
Part 2 will detail setting up user registration
Thank you..
your article saving my day..
and im waiting for your second release..
Wow … nice one! Short and nearly perfect
Hey ,wonderful article. Just have a few issues.Please help..
1. I set up sfguard and created a basicuser,basicpermission and basicgroup and gave the user basicpermission using the GUI .
2.Then I added to a particular module in my project a config folder and a settings.yml and added issecure:on and credential:basicpermission.
Now, I have two users one say vishal and other basicuser. I want only the basicuser who has the credential basicpermission to access the module.
But both are able to access the module without any problems.
Kindly guide me.I also did the following in my action:
if($this->getUser()->hasCredential(’basicpermission’)
{
execute some code
}
But that also didnt work…..
Please guide me……………………
First I suggest you clear your cache, that solves half the “bugs” I have.
Then check whether an unregistered user can access the page, to check the effect of issecure.
Excellent hints, thank you. When will part 2 be available?
Hi,
vaery nice article. From few days I fighting with user registation in symfony, but without success.. please, where i can find part 2 of your article about my problem ??
There is another very useful post at http://trac.symfony-project.org/wiki/sfGuardPluginExtraDocumentation... I setup a test implementation for sfDoctrineGuard here as well: http://tech.cibul.org/a-really-simple-sfguard-with-user-profile-setup/
thats what i need. thanks a lot…i
Thanks, you writted whats i need.