
I want to provide specified actions for different roles in a Symfony 1.4 project.

The project contains several database tables whose values can be modified only by certain roles.

For example, an administrator gains access to CRUDs for all models. Another role (let it be a consultant) can only retrieve (not modify or remove) results from specified models (not all).

How can I support such a feature in symfony? I assume that roles for the project will be specified in advance.

One solution I was thinking about is creating modules and actions for each role separately (crud panels + one logging interface), but it sounds like a huge job.

Just wondering what the smarter way is.

icedwater
Khozzy

1 Answer

I think the best way to achieve that is definitely credentials (it is for sf1.2 but ok for 1.4).

I recommend using sfGuardDoctrine to set up some groups with associated permissions (which are credentials). You define a group admin, consultant, etc. You associate some credentials, like modify, remove, create, edit, etc.

And then, every time a user logs in, he will automatically have the defined credentials (associated with him or with his group).

After that, you have to check in every action whether the user can perform it:

if($this->getUser()->hasCredential('modify'))
{
  // authorized action
}

Here is some more documentation for sfGuard (related to sf1.0 but it is good to understand how it works).

j0k
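The credential checks described in the answer can also be declared per action in a module's `security.yml`, so that one module serves every role and any action not listed is denied by default. This is an added example, not part of the original answer; the `backend` application, the `article` module, the action names, and the `read` and `admin` credential names are assumptions, while `modify` and `remove` are the credentials named in the answer.

```yaml
# apps/backend/modules/article/config/security.yml  (hypothetical app and module)
#
# Keys are action names (lowercase, without the "execute" prefix).
# A per-action entry replaces the value inherited from "all".

# Default for every action in the module: the user must be logged in and
# hold the "admin" credential (assumed to be granted only to the admin group).
# Any action added later and not listed below falls back to this rule.
all:
  is_secure: true
  credentials: [admin]

# Read-only actions: open to any group that was given "read"
# (for example both admin and consultant in sfGuard).
index:
  credentials: [read]
show:
  credentials: [read]

# Write actions: require "modify".
new:
  credentials: [modify]
create:
  credentials: [modify]
edit:
  credentials: [modify]
update:
  credentials: [modify]

# Destructive action: requires both credentials (a flat list means AND).
delete:
  credentials: [modify, remove]
```

With sfGuard, the consultant group would be given only `read`, so requests to `edit` or `delete` are sent to the application's configured secure action instead of reaching the action code.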