On 9/14/12 9:11 PM, Lukas Kahwe Smith wrote:
On Sep 11, 2012, at 2:33 PM, Thomas Rabaix <[email protected]> wrote:Hello, Context: I am currently implementing the CMF Router Chain for the Sonata Page Bundle. The router chain allows to cascade routing matching and generation to different routers. Now, in the SonataPageBundle, we have 2 types of entity bound to 1 url: • a page: a version of the actual page managed by an editor • a snapshot : a locked version of a page view by standard user The CmsRouter (https://gist.github.com/3693051) uses the security component to retrieve the correct cms manager (page or snapshot) depends on the current user's roles. Question: The code does not work as the security.context's token is set after the router dispatcher event. Is there any reason why the security event is dispatched after the router event ? The only solution for now is to use the a session attribute which is against the roles associated to a token. This might work on 99% on use cases but still an issue remains.i agree we should sort this out. maybe a first step would be creating a PR to change the order and see what tests fail if any .. then we could make a call for people to test the PR that have done Bundles that might be problematic and see from there?
I've talked with Thomas tonight and I explained why I changed the order. There are many reasons for the change but I think the most important ones are: simplification over what we had in 2.0 and the possibility for the security to redirect.
Fabien
regards, Lukas
-- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
