This forum is in READ-ONLY mode.
You can look around, but if you want to ask a new question, please use the new forum.
Home » plugins » User management plugins » User Permissions
icon10.gif  User Permissions [message #97341] Wed, 14 April 2010 11:50 Go to next message
lathifmca  is currently offline lathifmca
Messages: 15
Registered: March 2010
Location: Trichy
Junior Member
Hi Friends,

I am using sfDoctrineGuardPlugin for my project. I created a SuperAdmin and normal user. Also I created 2 Groups (one for Admin, one for User) and 2 Permissions.

Now my problem is in setting credentials, everytime i needed to change in module's security.yml file.


index:
    is_secure: off
    
new:
    is_secure: on
    credentials: MYADMIN

edit:
    is_secure: on
    credentials: MYADMIN



It becomes easier when it is come in the frontend. So that, the Admin can set the User Roles per module in frontend.. (here frontend is not about the Application, its about the GUI based Frontend Design)

is that possible guys..? Smile

Thanks in Advance.. Very Happy
Re: User Permissions [message #97609 is a reply to message #97341 ] Mon, 19 April 2010 12:33 Go to previous messageGo to next message
halfer  is currently offline halfer
Messages: 9535
Registered: January 2006
Location: West Midlands, UK
Faithful Member
I am not sure what the issue is here. Once you've set the credentials required for a particular module, you don't need to amend it again - just add any new users to the relevant group.

If you mean that you have to modify the security.yml every time you add a new action, remember that you can use an action name of "all" to specify default credentials. So for your example, you'd have is_secure=on and credentials=MYADMIN by default, and then set up an exception for the `index` action.


Remember Palestine
Re: User Permissions [message #97679 is a reply to message #97609 ] Tue, 20 April 2010 15:29 Go to previous messageGo to next message
lathifmca  is currently offline lathifmca
Messages: 15
Registered: March 2010
Location: Trichy
Junior Member
Thanks halfer,

I am using sfDoctrineGuardPlugin for Administrating my backend application,

I enabled the sfGuardUser Module, now my admin can create, edit or delete the Users using this Module...

Now my question is, Is this Possible to Add the Privilege Section in that Module ? , So that an Admin can give the Privilege (Credentials) to the Modules for the Particular User directly and dynamically from online Very Happy , Unless, I need to alter this Credential Details in security.yml everytime Sad

Thank you Guys... Smile
Re: User Permissions [message #97682 is a reply to message #97341 ] Tue, 20 April 2010 15:58 Go to previous messageGo to next message
halfer  is currently offline halfer
Messages: 9535
Registered: January 2006
Location: West Midlands, UK
Faithful Member
The user interface does not allow you to edit credential(s) required for your modules, no.

I think you have an understanding of this the wrong way around. The credentials required for an action should stay the same - it is the credentials that your user has that are editable, and that can change during the lifetime of an sfUser object.

So, when a new user account needs to be set up, your administrator should allocate the credentials to a user that will permit them to access the actions he/she wants them to access. No editing of the security.yml is necessary for this.

I wonder "MYADMIN" is a username in your system? If so, you've misunderstood how this works. Think of credentials like roles, so you might have:

index:
  is_secure: off
    
new:
  is_secure: on
  credentials: [[user_editor, user_creator]]

edit:
  is_secure: on
  credentials: [user_editor, user_reviewer]

This means that an editor OR a creator can use the `new` function, whilst a user has to be an editor AND a reviewer to use the edit action. Does that make more sense?


Remember Palestine
Re: User Permissions [message #97685 is a reply to message #97682 ] Tue, 20 April 2010 16:23 Go to previous messageGo to next message
lathifmca  is currently offline lathifmca
Messages: 15
Registered: March 2010
Location: Trichy
Junior Member
Well that's the Nice Explanation, Thank You once again Halfer,

What I expect is, Can i able to Set the Credentials for the user without using Security.yml file ?

And Is this Possible, an admin able to set the Credentials for the user dynamically, without editing security.yml everytime ?

Your Example is very nice,

index:
  is_secure: off
    
new:
  is_secure: on
  credentials: [[user_editor, user_creator]]

edit:
  is_secure: on
  credentials: [user_editor, user_reviewer]


This means that an editor OR a creator can use the `new` function, whilst a user has to be an editor AND a reviewer to use the edit action. Does that make more sense?

Yes, Halfer, I understand this example. But My Question is, For example, If I want to give the EDIT permission to user_creator, I need to come this yml file and need to change the EDIT's CREDENTIALS line... Isn't It ?

What am I asking about Is there a way to do this via User Interface ? So that an Admin can set the CREDENTIALS Dynamically and easily without editing .yml files.. like creating Groups and Permissions..

Thank You Guys..

[Updated on: Tue, 20 April 2010 16:28]

Re: User Permissions [message #98566 is a reply to message #97341 ] Wed, 05 May 2010 18:34 Go to previous message
halfer  is currently offline halfer
Messages: 9535
Registered: January 2006
Location: West Midlands, UK
Faithful Member
I've already answered whether you can do this via the user interface, and again I am not sure you need to do it this way around.

The only situation I imagine that you would want to do it your way is in a CMS situation, where the permissions for a given role are defined by the user and potentially in flux. Otherwise, it is best to have several permission names defined in sfGuard (i.e. symfony credentials) and add and remove these per user or per user group, for which a UI exists already.

We use the above approach (role based) plus permission-based as well (for us, add, edit, delete, print, etc are all permissions in sfGuard). This approach is extremely flexible, at the minor cost of having to allocate quite a lot of permissions to users when they are created (groups help here).

If you still want to do it your way then I would modify the credentials system in symfony to use a database rather than a YAML file. The latter needs to have the cache cleared before it will take effect, which is not ideal on a live system.


Remember Palestine
Previous Topic:sf_guard_password try to implement it
Next Topic:CSRF error when using "remember me" function
Goto Forum:
  

powered by FUDforum - copyright ©2001-2004 FUD Forum Bulletin Board Software