Symfony – cssTabsPlugin and security

Hi all,
I have been working on a Symfony (ver1 of the MVC) based application. It needs really tight security that is really granular. So I did what most people do and installed the cool sfGuardPlugin.

It works a treat.

But.. I started to look at how I secure individual buttons, or sections of code etc.
The best way would be to create a load of credentials, e.g. view_token, add_token, edit_token, view_token_history, etc., which can then be grouped together to allow access via groups or individual assignment.

Then I started thinking about the use of hardcoded text within the code, such as the following example and ‘viewtoken’.

$sf_user->hasCredential('view_token');

I don’t like hardcoding anything if I can help it, so installed the sfSettingsPlugin, added the line of code:

include_once (sfConfigCache::getInstance()->checkConfig('config/db_settings.yml'));

to my controllers (it doesn’t mention that anywhere on the plugin site or within the code!), did a quick symfony propel-build-all-load & symfony cc and added a few settings.

The settings are available in your app as a normal CONSTANT, I created view_token with the value of viewtoken, so I could access it within the application as the constant VIEW_TOKEN.

You may wonder why I didn’t just hardcode the values? I am not sure at the moment, it’s a lot of hassle so far, but at least it will be highly configurable :)

Anyway, we have installed the sfSettings plugin, and I have the very good WordPress-style menus plugin called sfCssTabsPlugin already installed and working well. Finding this great add-on that allowed the sfCssTabs to recognise security credentials that are based in any module’s /config/security.yml, I thought great!

But I hit a snag: once installed and working, it only recognised the first credential of that user.
If you have a lot of credentials, and I do, then it fails :(

I found a workaround though:
In \plugins\sfGuardPlugin\lib\user\sfGuardSecurityUser.class.php
I replaced:


return $this->hasCredential($credentials);

with:


$permissions = $this->getAllPermissionNames();
if (in_array($credentials, $permissions)) {
    return true;
} else {
    return false;
}

This gets all the permissions, those set within a group and those assigned to an individual user.
I am not sure if this is the best way to do it, I am sure writing another method within the model would probably be a better bet, but I am soooOO lazy. If I do (or you?) then I will post it on here.

The above code allowed me to get all the credentials and display individual elements of the menu according to the security credentials of the user.

thanks

Adam

Posted by Adam
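An added example, not part of the original post and not sfGuardPlugin code: the in_array() check in the workaround matches a single credential name, while a Symfony 1 security.yml entry can also be a list (all required) or a nested list (any one required). The helper userHasCredentials() is hypothetical, and $permissions is a constructed stand-in for the array returned by getAllPermissionNames().

```php
<?php
// Added example. userHasCredentials() is a hypothetical helper, not plugin code.

/**
 * Evaluate a security.yml-style credential spec against a flat permission list.
 * Symfony 1 semantics: a top-level list means AND, a nested list flips to OR,
 * and every further nesting level flips the operator again.
 */
function userHasCredentials($credentials, array $permissions, $useAnd = true)
{
    // A single credential name: plain membership test (strict, names are strings).
    if (!is_array($credentials)) {
        return in_array($credentials, $permissions, true);
    }

    foreach ($credentials as $credential) {
        // Nested arrays are evaluated with the opposite operator.
        $ok = userHasCredentials($credential, $permissions, !$useAnd);
        if ($useAnd && !$ok) {
            return false; // AND: one missing credential denies access
        }
        if (!$useAnd && $ok) {
            return true;  // OR: one matching credential grants access
        }
    }

    // An exhausted AND list means everything matched; an exhausted OR list means nothing did.
    return $useAnd;
}

// Constructed sample: group and per-user permissions merged into one list.
$permissions = array('view_token', 'edit_token', 'view_token_history');

// Constructed credential specs, written the way security.yml would express them.
$specs = array(
    'view_token',                                          // single credential
    array('view_token', 'add_token'),                      // view AND add
    array(array('add_token', 'edit_token')),               // add OR edit
    array('view_token', array('add_token', 'edit_token')), // view AND (add OR edit)
);

foreach ($specs as $spec) {
    $decision = userHasCredentials($spec, $permissions) ? 'show' : 'hide';
    printf("%-45s %s\n", json_encode($spec), $decision);
}
```

Comparing the decisions for the list-valued specs with what a bare in_array() returns for the same input shows where menu visibility and the action's real access rule can drift apart.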


This entry was posted on Wednesday, March 11th, 2009 at 11:36 pm.