0

to implement credentials do I need to implement a preExecute function like this:

public function preExecute() {
        $this->configuration = new jobGeneratorConfiguration();
        if (!$this->getUser()->hasCredential(
                        $this->configuration->getCredentials($this->getActionName())

            ));
    }

Or is it suffice to have it defined in the module/config/security.yml like this:

all:
  is_secure:   true
  credentials: [ admin ]

However I am not able to work it out using security.yml only! I thought preExecute is not necessary and symfony automatically handles it by loading the security.yml definition! Please help!

I am using sfDoctrineGuardPlugin and sfForkedDoctrineApply plugin..

med
  • 369
  • 1
  • 4
  • 18
  • Just to check, have you tried doing `./symfony cc`? – lonesomeday Nov 10 '10 at 12:30
  • 1
    @lonesomeday: actually I figured out the problem just now, it was the is_super_admin field in sf_guard_user table which was set to 1 for all my dummy users in fixture.yml :) ! that's why every users were getting the access to all modules bypassing the credentials! – med Nov 10 '10 at 13:10

1 Answers1

1

There is no need for you to do a pre-execute for this.

The security.yml file is enough to stop people without the appropriate credentials from getting to the specified module or action.

Jon Winstanley
  • 23,010
  • 22
  • 73
  • 116
  • You are right! thanks for your answer. The problem was that is_admin field was set to 1 in sfGuardUser and therefore the user was able to bypass all credentials :) – med Nov 28 '10 at 11:46