Just Uber » sfSettingsPlugin http://www.justuber.com/blog Dancing with Nerds Thu, 17 Mar 2011 11:11:52 +0000 http://wordpress.org/?v=2.8.4 en hourly 1 Symfony – cssTabsPlugin and security http://www.justuber.com/blog/2009/03/11/symfony-csstabsplugin-and-security/ http://www.justuber.com/blog/2009/03/11/symfony-csstabsplugin-and-security/#comments Wed, 11 Mar 2009 23:36:48 +0000 Adam http://www.justuber.com/blog/?p=154 Hi all,
I have been working on a Symfony (ver1 of the MVC) based application. It needs really tight security that is really granular. So I did what most people do and installed the cool sfGuardPlugin.

It works a treat.

But.. I started to look at how I secure individual buttons, or sections of code etc.
The best way would be to create a load of credentials, e.g view_token, add_token, edit_token, view_token_history, etc etc which can then be grouped together to allow access via groups or individual assignement.

Then I started thinking about the use of hardcoded text within the code, such as the following example and ‘viewtoken’.

$sf_user->hasCredential('view_token');

I don’t like hardcoding anything if I can help it, so installed the sfSettingsPlugin, added the line of code:

include_once (sfConfigCache::getInstance()->checkConfig('config/db_settings.yml'));

to my controllers (it doesn’t mention that anywhere on the plugin site or within the code!), did a quick symfony propel-build-all-load & symfony cc and added a few settings.

The settings are available in your app as a normal CONSTANT, I created view_token with the value of viewtoken, so I could access it within the application as the constant VIEW_TOKEN.

You may wonder why I didn’t just hardcode the values? I am not sure at the moment, its a lot of hassle so far, but at least it will be highly configurable :)

Any ways, we have installed the sfSettings plugin, I have the very good wordpress style menus plugin called sfCssTabsPlugin already installed and working well. Finding this great add on that allowed the sfcsstabs to recognise security credentials that are based in any modules /config/security.yml, I thought great!

But I hit a snag, once installed and working it only recognised the first credential of that user.
If you have a lot of credentials, and I do, then it fails :(

I found a work around though:
In \plugins\sfGuardPlugin\lib\user\sfGuardSecurityUser.class.php
I replaced:


return $this->hasCredential($credentials);

with:


$permissions=$this->getAllPermissionNames();
if(in_array($credentials, $permissions)) {
return true;
}else{
return false;
}

This gets all the permissions, those set within a group and those assigned to an individual user.
I am not sure if this is best way to do it, I am sure writing another method within the model would probably be a better bet, but I am soooOO lazy. If I do (or you?) then I will post it on here.

The above code allowed me to get all the credentials and display individual elements of the menu according to the security credentials of the user.

thanks

Adam

]]> http://www.justuber.com/blog/2009/03/11/symfony-csstabsplugin-and-security/feed/ 0