1

I'm developing a application using sfDoctrineGuardPlugin and Symfony 1.4.20 then I've three users and three users groups and some permissions as follow:

user_name         user_group      permissions
u1                Group1          can_admin_full, can_admin
u2                Group2          can_admin
u3                Group3          no_admin

So u1 should be able to add users to the application but only can see Group2 and Group3 under Groups Options, u2 should be able to add users to the application to but only can see Group3 under Groups Options, so u1 and u2 shouldn't add users belonging to Group1, how I can get this using sfDoctrineGuard? It's possible?

NOTE: I use GroupN as a example but below in the code sample is the right names for groups and permissions!

EDIT: Improve question So after take a closer look at this I'm trying to to the same but adapted to my code so in lib/form/doctrine/sfDoctrineGuardPlugin/sfGuardUserForm.class.php I change this:

class sfGuardUserForm extends PluginsfGuardUserForm {

    public function configure() {
        //groups_list
        $this->getWidget('groups_list')->setOption('expanded', true);
        $this->getWidget('groups_list')->setOption('table_method', 'getListForAdmin');
        $this->getValidator('groups_list')->setOption('query', Doctrine::getTable('sfGuardGroup')->getListForAdmin());
    }

}

Also I made this changes at lib/model/doctrine/sfDoctrineGuardPlugin/sfGuardGroupTable.class.php

class sfGuardGroupTable extends PluginsfGuardGroupTable {

    /**
     * Returns an instance of this class.
     *
     * @return object sfGuardGroupTable
     */
    public static function getInstance() {
        return Doctrine_Core::getTable('sfGuardGroup');
    }

    /**
     * Builds list query based on credentials
     *
     */
    public function getListForAdmin() {
        $user = sfContext::getInstance()->getUser();
        $q = $this->createQuery('g');

        if ($user->hasPermissions('can_admin_full')) {
            $q->addWhere('g.name IN (?)', array('Administradores Monitor', 'Monitor'));
        } else if ($user->hasPermissions('can_admin')) {
            $q->addWhere('g.name IN (?)', array('Monitor'));
        }
        return $q;
    }

}

But don't work because login using a user that belongs to group "Administrador de Servicios" and has permissions 'can_admin' and 'can_admin_full' and I can see all the groups in the widget and I'm looking just for see in that case 'Administradores Monitor' and 'Monitor'

EDIT 2 Also try this other code:

$this->widgetSchema['groups_list'] = new sfWidgetFormDoctrineChoice(array('multiple' => true, 'table_method' => 'getListForAdmin', 'query' => Doctrine::getTable('sfGuardGroup')->getListForAdmin()));

And still not working, I change 'table_method' => 'getListForAdmin' to 'table_method' => 'getListForAdmin1' and nothing happens so I suspect that the method is never called

EDIT 3 Now it's working but see this: If I use this approach:

$this->getWidget('groups_list')->setOption('expanded', true);
$this->getWidget('groups_list')->setOption('table_method', 'getListForAdmin');
$this->getValidator('groups_list')->setOption('query', Doctrine::getTable('sfGuardGroup')->getListForAdmin());

Then I get this error:

SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens

If I use the other approach:

$this->widgetSchema['groups_list'] = new sfWidgetFormDoctrineChoice(array('multiple' => true, 'table_method' => 'getListForAdmin', 'query' => Doctrine::getTable('sfGuardGroup')->getListForAdmin()));

I get this other error:

sfWidgetFormDoctrineChoice requires the following options: 'model'.

Then I added the parameter model:

$this->widgetSchema['groups_list'] = new sfWidgetFormDoctrineChoice(array('multiple' => true, 'model' => 'sfGuardGroup', 'table_method' => 'getListForAdmin', 'query' => Doctrine::getTable('sfGuardGroup')->getListForAdmin()));

But get the same error as first approach, I suspect the problem is in getListForAdmin() function but really don't know where exactly

What's wrong at this point?

Community
  • 1
  • 1
Reynier
  • 2,420
  • 11
  • 51
  • 91
  • Yes, it is possible. But remember that SO is not the place where someone will write the code for you, but were you can find help when you're stuck. Show us what have you tried to achieve what you need and were exactly do you have problems. We will be able to help you then. – Michal Trojanowski Jun 06 '13 at 16:13
  • @MichalTrojanowski Hi and thanks for your reply, I'm not asking for someone to do the job for me just trying to get the correct path to get this done I mean some suggestions in which files to edit, which methods, any advice on this just to get the whole idea, can you help on this? – Reynier Jun 06 '13 at 16:20
  • That is much better now :) See my answer below. Not sure if that's the problem, but let's start with something and we'll get to the result eventually ;) – Michal Trojanowski Jun 07 '13 at 11:17

1 Answers1

1

Try to change the conditional in getListForAdmin():

if ($user->hasPermissions('can_admin_full')) {
        $q->whereIn('g.name', array('Administradores Monitor', 'Monitor'));
    } else if ($user->hasPermissions('can_admin')) {
        $q->whereIn('g.name', array('Monitor'));
    }
Michal Trojanowski
  • 10,641
  • 2
  • 22
  • 41
  • I changed the conditional as you suggested but still not working. Now maybe I'm totally lost and things are working right, see this series of images at http://www.dropmocks.com/mBtcM7. image (1) is what the user can see under **Users Edit** action, the user with permissions can_admin or can_admin_full never should see the checkbox for make a new user as superuser, also the user should see only Administradores Monitor and Monitor under Groups (Grupo in the image) options so it's not working. – Reynier Jun 07 '13 at 13:58
  • Now image (2) shows that the user logged in belongs to Group "Administrador de Servicio" and image (3) shows the permissions asigned to that group where u1, user that I use to try the functionality and is the user logged in, belongs to, what's wrong then? I missing something? – Reynier Jun 07 '13 at 14:00
  • Please make sure which form is actually used by the generated backend module. The `sfGuardPlugin` has also a `sfGuardUserAdminForm`. Maybe you should be editing this one? – Michal Trojanowski Jun 07 '13 at 21:02
  • is in there but now I'm getting this error while try to execute the code `SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens` see the EDIT I made to the first post – Reynier Jun 08 '13 at 14:24
  • Did you actually change the query to the one I posted? This error should be generated by your original query. When you pass an array to the `addWhere` method as a second parameter, Doctrine expects to have two parameter tokens (it is looking for two `?` tokens). – Michal Trojanowski Jun 08 '13 at 18:57
  • yes I did and I get a error like this `Fatal error: Call to undefined method Doctrine_Query::addWhereIn() in /var/www/html/monitor/lib/model/doctrine/sfDoctrineGuardPlugin/sfGuardGroupTable.class.php on line 28` – Reynier Jun 09 '13 at 02:02
  • @michael-trojanowski, don't worry after some research I found the solution or think to. `addWhereIn` doesn't exists in Doctrine(see [here](http://docs.doctrine-project.org/projects/doctrine1/en/latest/en/manual/dql-doctrine-query-language.html)), instead I use `whereIn` and then the code works, anyway thanks and I'll give you the points for help me and point me in the right direction – Reynier Jun 09 '13 at 02:10
  • Yep, my bad. I changed the answer to use the proper method. I'm glad it worked eventually :) – Michal Trojanowski Jun 09 '13 at 09:58