Feb 23
Digg
Stumbleupon
Technorati
Delicious

Extra questions and solutions for sfGuardPlugin

Hi,

I really know a very little number of symfony projects where would not be used sfGuardPlugin. I should say I’ve seen a few custom self-written user authentification solutions but I did not notice much difference. So in other words those were wheel re-inventions.

Here is a good place to find the answers on the most of related to this plugin questions:

http://trac.symfony-project.com/wiki/sfGuardPluginExtraDocumentation

But you may be looking also for the following solutions which are not hightlighted there:

1. How to extend sfGuardPlugin?
2. How to practically use multi-roles (groups) in sfGuardPlugin?
3. How to implement complicated user statuses (e.g. active, pending, frozen)?

I’m sure there must be more questions and please feel free to ask them 🙂

How to extend sfGuardPlugin

Pure sfGuard provides only basic functionality for authentificating, logging, etc. If you need “signup”, “forget password” functionality you’ll need to make some coding for it. But because of this is something you’ll use in every project you may want to keep it as a separate plugin. Here is my solution. I have a plugin which is called sfGuardPluginExtra.

It has actions class which extens default sfGuardAuthActions class:

require_once(dirname(__FILE__).’/../../../../sfGuardPlugin/modules/sfGuardAuth/actions/actions.class.php’);
class sfGuardAuthExtraActions extends sfGuardAuthActions
{
}

And this class implements everything I may need for the most of projects: signup, password reminder, password generate functions. Also in templates folder I have overriding templates for secure, login pages.

If you have complicated user structure you may want to put into sfGuardPluginExtra/config folder schema.yml file with profile structure:

propel:
_attributes: { package: plugins.sfGuardPluginExtra.lib.model }

sf_guard_user_profile:
_attributes: { phpName: sfGuardUserProfile }
id:
user_id: { type: integer, index: unique, foreignTable: sf_guard_user, foreignReference: id, onDelete: cascade }
first_name: { type: varchar(40) }
last_name: { type: varchar(40) }
email: { type: varchar(50) }
created_at:
updated_at:

This way I may keep upgrading original sfGuardPlugin without overwriting my code and add extra functionality to sfGuardPluginExtra.

How to practically use multi-roles (groups) in sfGuardPlugin

What if you have different roles on your site, e.g. buyers and sellers? sfGuardPlugin provides “groups” as an instrument for developer to implement multi-roles functionality. So the main idea is to create plugin similar to described above sfGuardExtraPlugin. The only difference that now you may want to isolate access rights for different groups and you may do that using sfGuardBuyerPlugin/modules/sfGuardBuyer/config/security.yml

default:
is_secure: on
credentials: buyer

signup:
is_secure: off

This piece of code obviously set access restrictions for the other user groups except buyer for this module. Also it allows anyone to get access to signup action.

The other piece of code you need to use when you create a buyer user:

$user->addGroupByName(‘buyer’);
$user->addPermissionByName(‘buyer’);

It adds buyer permissions for object $user. Of course, you must have added buyer permission and buyer group in sf_guard_group and sf_guard_permissions tables.

Another trick you may be interested in – to have user logged in right after registration without entering the username/password.
So while you have $user object created this command logging this user:

$this->getContext()->getUser()->signIn($user, true);

With multi-roles you may want to have multi-enviroments. So buyer has to be logged into buyer dashboard and seller has to be logged into seller dashboard. Frankly to say I dont know good solution for it. But you may use the following technique for it:

Use sfGuardPlugin/modules/sfGuardAuth/lib/BasesfGuardAuthActions.class.php

There is executeSignin() function defined. You may do a hack right here (bad guy) or override this function in your sfGuardExtraPlugin. So the idea is to figure out user object permissions and redirect him to proper place:

e.g. add this code if ($this->getContext()->getUser()->hasCredential(‘buyer’)) $this->redirect(‘sfGuardBuyer/dashboard’);

How to implement complicated user statuses (e.g. active, pending, frozen)

This hack is going to be explained in the following articles. Keep an eye!


Author: symfonian

12 Comments

[…] Extra questions and solutions for sfGuardPlugin […]

Hugo
February 25, 2008

Thanks a lot for this article ! I hope the next one about complicated user statuses will be arrived quicly ^^

[…] Extra questions and solutions for sfGuardPlugin | SymfonyLab […]

trend
February 28, 2008

Nice! Yeah.. I was talking to someone yesterday about developing signup code for symfony.. Still need forgot password code.

Will you be releasing some code snippets or a module to do the extra items you talked about in this article?

Kudos for a great article and site.. Love it!

admin
March 2, 2008

Yes, why not? Good idea. I think I’ll release some code in next part of this sfGuardExtra article.

[…] Extra questions and solutions for sfGuardPlugin […]

Alex Filatov
March 5, 2008

Great article!
Really helpfull.

I’m using this approach when user creates groups.

So, I do the following:
1. Create a group (id:43)
$group = new sfGuardGroup();
$group->setName(‘My own group’);
$group->save();

2. Create permissions like group_43_owner, group_43_member.

$permission_group_owner = new sfGuardPermission();
$permission_group_owner->setName(‘group_’ . $group->getId() . ‘_owner’);
$permission_group_owner->save();

… same for a member

and the question is the following:

How can I add these permissions the the user?
I saw $user->addPermissionByName(тАЩbuyerтАЩ);
Can I have something like:
$user->addPermission(
$permission_group_owner);

Thanks in advance!

[…] sfGuardPlugin (part 2) Add I’ve totally forgot that at the end of post Extra questions and solutions for sfGuardPlugin we’ve promised to write how to implement complicated user statuses for sfGuardPlugin. Sorry […]

[…] version of guard plugin. We reffer you to our previous articles “Extending sfGuardPlugin part 1 part 2): if ($profile = $user->getProfile()) { $profile->setReferer($referer); $profile->save(); […]

Neil Mendoza
April 13, 2008

Another way to achieve to override executeSignin() without a creating a plugin is to create a sfGuardAuth module in your app with the following in actions.class.php:

require_once(dirname(__FILE__).’/../../../../../plugins/sfGuardPlugin/modules/sfGuardAuth/lib/BasesfGuardAuthActions.class.php’);

/**
*
* @package symfony
* @subpackage plugin
* @author Fabien Potencier
* @version SVN: $Id: actions.class.php 2278 2006-10-01 13:30:31Z fabien $
*/
class sfGuardAuthActions extends BasesfGuardAuthActions
{
public function executeSignin()
{
// copy code from base class then alter
}
}

mandoy
June 2, 2010

i received error when using ths way
$user->addGroupByName(‘buyer’);

Unknown method User::addGroupByName

500 | Internal Server Error | Doctrine_Record_Exception

Any idea symfony guys?

[…] informa??es sobre sfGuard est?o dispon?veis aqui e aqui.Mais informa??es sobre credentials aqui. This entry was posted in Symfony, […]

Comments RSS TrackBack Identifier URI

Leave a comment