Standard signin() method looks:
class BasesfGuardAuthActions extends sfActions
{
public function executeSignin($request)
{
$user = $this->getUser();
if ($user->isAuthenticated())
{
return $this->redirect('@homepage');
}
$class = sfConfig::get('app_sf_guard_plugin_signin_form',
'sfGuardFormSignin');
$this->form = new $class();
if ($request->isMethod('post'))
{
$this->form->bind($request->getParameter('signin'));
if ($this->form->isValid())
{
$values = $this->form->getValues();
$remember = isset($values['remember']) ? $values['remember'] :
false;
$this->getUser()->signin($values['user'], $remember);
$signinUrl = sfConfig::get
('app_sf_guard_plugin_success_signin_url', $user->getReferer($request-
>getReferer()));
return $this->redirect('' != $signinUrl ? $signinUrl :
'@homepage');
}
}
else
{
if ($request->isXmlHttpRequest())
{
$this->getResponse()->setHeaderOnly(true);
$this->getResponse()->setStatusCode(401);
return sfView::NONE;
}
$user->setReferer($request->getReferer());
$module = sfConfig::get('sf_login_module');
if ($this->getModuleName() != $module)
{
return $this->redirect($module.'/'.sfConfig::get
('sf_login_action'));
}
$this->getResponse()->setStatusCode(401);
}
}
....................
}
In my application admin has 'high' credentials. So in \sf_sandbox\apps
\frontend\modules I created sfGuardAuth\actions\actions.class.php
with that code:
class sfGuardAuthActions extends BasesfGuardAuthActions
{
public function executeSignin($request)
{
$user = $this->getUser();
if ($user->isAuthenticated())
{
return $this->redirect('@homepage');
}
$class = sfConfig::get('app_sf_guard_plugin_signin_form',
'sfGuardFormSignin');
$this->form = new $class();
if ($request->isMethod('post'))
{
$this->form->bind($request->getParameter('signin'));
if ($this->form->isValid())
{
$values = $this->form->getValues();
$remember = isset($values['remember']) ? $values['remember'] :
false;
$this->getUser()->signin($values['user'], $remember);
$signinUrl = sfConfig::get
('app_sf_guard_plugin_success_signin_url', $user->getReferer($request-
>getReferer()));
///////////////////////////////////////////////////////////////////////////////////
//MINE ADDED CODE:
if(!$this->getUser()->hasCredential('high'))
{
$this->getUser()->setFlash('news1', 'Only admin can
login.');
$this->getUser()->setAuthenticated(false);
}
/////////////////////////////////////////////////////////////////////////////////////
return $this->redirect('' != $signinUrl ? $signinUrl :
'@homepage');
}
}
else
{
if ($request->isXmlHttpRequest())
{
$this->getResponse()->setHeaderOnly(true);
$this->getResponse()->setStatusCode(401);
return sfView::NONE;
}
$user->setReferer($request->getReferer());
$module = sfConfig::get('sf_login_module');
if ($this->getModuleName() != $module)
{
return $this->redirect($module.'/'.sfConfig::get
('sf_login_action'));
}
$this->getResponse()->setStatusCode(401);
}
}
}
Something like that or I should change something ? It works but is it
correct ? I want make sure because security is very important.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
-~----------~----~----~----~------~----~------~--~---
