Permisos y credenciales de Symfony 1.4 Y O no funciona

Need to know if I'm missing something... I'm using sfGuardPlugin and trying to get a complex credential to work... and it's not even that complex. I just can't get either AND or OR to work.

"user_a" is set up to have permission "A" in both permissions and group "A" which also has permission "A" assigned to it.

I also have a Permission "B" and a group "B" set up in the same fashion as above... however, I did not assign user_a to these permissions. To be clear: user_a only has A permissions.

Now in security I have the following (where the user needs to either have credential A or B):

dashboard:
  credentials: [[A, B]]

Now when I try to have user_a access the dashboard, it fails and redirects to the credentials required page. I tried the same thing with an AND statement and set up user_a with both, using:

dashboard:
  credentials: [A, B]

...again, it failed.

Now, when I remove the brackets, and just use one credential, it all works perfectly. It's just when I use them in combination, in any form, that I run into problems.

Furthermore, I have checked if the user has a single credential, using:

echo $user->hasCredential('A');

And it responds as expected: True

But if I assign the user to both A and B and then try either:

echo $user->hasCredential(array('A', 'B'), false);

or

echo $user->hasCredential(array('A', 'B'));

It responds with False.

I'm stumped. What am I missing? I MUST have at least the [[OR]] working. Has anyone else experienced this? Is there a work-around?

EDIT: code snippet in myUser.class:

public function hasCredential($permission_name)
    {
    //this overrides the default action (hasCredential) and instead of checking
    //the user's session, it now checks the database directly.  
    if (!$this->isAuthenticated()) {
      return false;
    }
    $gu = $this->getGuardUser();
    $groups = $gu->getGroups();
    $permissions = $gu->getPermissions();

    $permission_names = array();
    foreach($permissions as $permission) {
      $permission_names[] = $permission->getName();
    }
    foreach($groups as $group) {
      $group_permissions = $group->getPermissions();
      foreach($group_permissions as $group_permission) {
        $permission_names = array_merge($permission_names, array($group_permission->getName()));
      }
    }
    $permission_names = array_unique($permission_names);
    return (in_array($permission_name, $permission_names)) ? true : false;
  }

EDIT:

The above code snippet is indeed the problem. I tested it without the code snippet and it works as expected. So my next question, is how to tweak the snippet to accommodate instances with AND or OR? Suggestions?

preguntado el 09 de marzo de 12 a las 15:03

I guess in your test that when you assign both credentials you get True both $user->hasCredential('A') y $user->hasCredential('B'). Where is security.yml? I'm reading dashboard action... are you using sfAdminDashPlugin? -

security.yml is in my config folder for each module. I am not using sfAdminDashPlugin. 'dashboard' in my example above is just a named module of mine. -

...could really still use some help on this problem. Does anyone have any idea or suggestion as to where to begin troubleshooting this issue? -

I was thinking about... I'm using settings like [[A,B]] without problem but just as user permissions and works fine, but I don't use group. Maybe something in permission settings is wrong... the user is in group B and permission B is a group permission (in sf_guard_group_permission) or an user permission (sf_guard_user_permission), and so which permission is assigned? -

I'll tinker around with that and see if that helps. Currently, user_a is assigned to a group_permission. But I think I recall changing these settings around to individual permissions only and then group only, without any affect. But I'll try it again and see if I can narrow it down. Thanks for not forgetting me... I was about to write a whole new permission check in the action if I couldn't get it to work... and that's a whole lot of work I'd rather not do if I can avoid it. -

1 Respuestas

I'm going to close this question, because I have found the problem and I will open a new question as a result of the issue I'm having with the code snippet (which becomes a new question).

respondido 20 mar '12, 12:03

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.