Comments on: Extending sfGuardPlugin (part 2) http://www.symfonylab.com/extending-sfguardplugin-part-2/ Everything you wanted to know about Symfony framework but did not know who to ask! Fri, 08 Aug 2008 20:50:27 +0000 http://wordpress.org/?v=2.3.3 By: Jacques Philip http://www.symfonylab.com/extending-sfguardplugin-part-2/#comment-309 Jacques Philip Mon, 24 Mar 2008 02:47:29 +0000 http://www.symfonylab.com/extending-sfguardplugin-part-2/#comment-309 I am working on an application where I extend sfGuard (or rather sfGuardDoctrine) to accommodate permissions per account. I explain: There is a user table an account table, permission table and a ternary relationship in the permitting table with user_id, account_id and permission_id. For example a certain user can have blog-admin permission for account 1. The difficulty is that the credentials needed for an action cannot be set in security.yml because they dependent on the account the action acts on. So what I do is: - In the signin method of SecurityUser, I store the credential as a string of the form: permission|account_id for example blog-admin|1. - I override the getCredential method of each module to protect, adding the account specific credentials (like blog-admin|1) to the ones defined in the security.yml file. Any other ideas if anyone has been implementing that case? I am working on an application where I extend sfGuard (or rather sfGuardDoctrine) to accommodate permissions per account.
I explain: There is a user table an account table, permission table and a ternary relationship in the permitting table with user_id, account_id and permission_id.
For example a certain user can have blog-admin permission for account 1.
The difficulty is that the credentials needed for an action cannot be set in security.yml because they dependent on the account the action acts on.
So what I do is:
- In the signin method of SecurityUser, I store the credential as a string of the form: permission|account_id for example blog-admin|1.
- I override the getCredential method of each module to protect, adding the account specific credentials (like blog-admin|1) to the ones defined in the security.yml file.

Any other ideas if anyone has been implementing that case?

]]>