On Sep 11, 2012, at 2:33 PM, Thomas Rabaix <[email protected]> wrote:
> Hello,
>
> Context:
> I am currently implementing the CMF Router Chain for the Sonata Page Bundle.
> The router chain allows cascading route matching and generation to
> different routers. Now, in the SonataPageBundle, we have 2 types of entity
> bound to 1 url:
> • a page: a version of the actual page managed by an editor
> • a snapshot: a locked version of a page viewed by a standard user
> The CmsRouter (https://gist.github.com/3693051) uses the security component
> to retrieve the correct cms manager (page or snapshot) depending on the current
> user's roles.
>
> Question:
>
> The code does not work as the security.context's token is set after the
> router dispatcher event. Is there any reason why the security event is
> dispatched after the router event?
> The only solution for now is to use a session attribute which is against
> the roles associated to a token. This might work on 99% of use cases but
> still an issue remains.

I agree we should sort this out. Maybe a first step would be creating a PR to change the order and see what tests fail, if any. Then we could make a call for people who have done Bundles that might be problematic to test the PR, and see from there?

regards,
Lukas
