Extra questions and solutions for sfGuardPlugin


I really know a very little number of symfony projects where would not be used sfGuardPlugin. I should say I’ve seen a few custom self-written user authentification solutions but I did not notice much difference. So in other words those were wheel re-inventions.

Here is a good place to find the answers on the most of related to this plugin questions:

But you may be looking also for the following solutions which are not hightlighted there:

1. How to extend sfGuardPlugin?
2. How to practically use multi-roles (groups) in sfGuardPlugin?
3. How to implement complicated user statuses (e.g. active, pending, frozen)?

I’m sure there must be more questions and please feel free to ask them 🙂

How to extend sfGuardPlugin

Pure sfGuard provides only basic functionality for authentificating, logging, etc. If you need “signup”, “forget password” functionality you’ll need to make some coding for it. But because of this is something you’ll use in every project you may want to keep it as a separate plugin. Here is my solution. I have a plugin which is called sfGuardPluginExtra.

It has actions class which extens default sfGuardAuthActions class:

class sfGuardAuthExtraActions extends sfGuardAuthActions

And this class implements everything I may need for the most of projects: signup, password reminder, password generate functions. Also in templates folder I have overriding templates for secure, login pages.

If you have complicated user structure you may want to put into sfGuardPluginExtra/config folder schema.yml file with profile structure:

_attributes: { package: plugins.sfGuardPluginExtra.lib.model }

_attributes: { phpName: sfGuardUserProfile }
user_id: { type: integer, index: unique, foreignTable: sf_guard_user, foreignReference: id, onDelete: cascade }
first_name: { type: varchar(40) }
last_name: { type: varchar(40) }
email: { type: varchar(50) }

This way I may keep upgrading original sfGuardPlugin without overwriting my code and add extra functionality to sfGuardPluginExtra.

How to practically use multi-roles (groups) in sfGuardPlugin

What if you have different roles on your site, e.g. buyers and sellers? sfGuardPlugin provides “groups” as an instrument for developer to implement multi-roles functionality. So the main idea is to create plugin similar to described above sfGuardExtraPlugin. The only difference that now you may want to isolate access rights for different groups and you may do that using sfGuardBuyerPlugin/modules/sfGuardBuyer/config/security.yml

is_secure: on
credentials: buyer

is_secure: off

This piece of code obviously set access restrictions for the other user groups except buyer for this module. Also it allows anyone to get access to signup action.

The other piece of code you need to use when you create a buyer user:


It adds buyer permissions for object $user. Of course, you must have added buyer permission and buyer group in sf_guard_group and sf_guard_permissions tables.

Another trick you may be interested in – to have user logged in right after registration without entering the username/password.
So while you have $user object created this command logging this user:

$this->getContext()->getUser()->signIn($user, true);

With multi-roles you may want to have multi-enviroments. So buyer has to be logged into buyer dashboard and seller has to be logged into seller dashboard. Frankly to say I dont know good solution for it. But you may use the following technique for it:

Use sfGuardPlugin/modules/sfGuardAuth/lib/BasesfGuardAuthActions.class.php

There is executeSignin() function defined. You may do a hack right here (bad guy) or override this function in your sfGuardExtraPlugin. So the idea is to figure out user object permissions and redirect him to proper place:

e.g. add this code if ($this->getContext()->getUser()->hasCredential(‘buyer’)) $this->redirect(‘sfGuardBuyer/dashboard’);

How to implement complicated user statuses (e.g. active, pending, frozen)

This hack is going to be explained in the following articles. Keep an eye!

12 replies on “Extra questions and solutions for sfGuardPlugin”

Nice! Yeah.. I was talking to someone yesterday about developing signup code for symfony.. Still need forgot password code.

Will you be releasing some code snippets or a module to do the extra items you talked about in this article?

Kudos for a great article and site.. Love it!

Yes, why not? Good idea. I think I’ll release some code in next part of this sfGuardExtra article.

Great article!
Really helpfull.

I’m using this approach when user creates groups.

So, I do the following:
1. Create a group (id:43)
$group = new sfGuardGroup();
$group->setName(‘My own group’);

2. Create permissions like group_43_owner, group_43_member.

$permission_group_owner = new sfGuardPermission();
$permission_group_owner->setName(‘group_’ . $group->getId() . ‘_owner’);

… same for a member

and the question is the following:

How can I add these permissions the the user?
I saw $user->addPermissionByName(тАЩbuyerтАЩ);
Can I have something like:

Thanks in advance!

Another way to achieve to override executeSignin() without a creating a plugin is to create a sfGuardAuth module in your app with the following in actions.class.php:


* @package symfony
* @subpackage plugin
* @author Fabien Potencier
* @version SVN: $Id: actions.class.php 2278 2006-10-01 13:30:31Z fabien $
class sfGuardAuthActions extends BasesfGuardAuthActions
public function executeSignin()
// copy code from base class then alter

i received error when using ths way

Unknown method User::addGroupByName

500 | Internal Server Error | Doctrine_Record_Exception

Any idea symfony guys?

Leave a Reply

Your email address will not be published. Required fields are marked *