Hi, sfGuardPermission in symfony+doctrine (via sfDoctrineGuardPlugin) is used to manage credentials per module-action against an user.
Let say you have an object action named "edit" (object action != module action), you'll have a module action named executeEdit, here you can't put in security.yml all credentials for all permissions for all object actions, you'll have to do the check in the action's code (think of preExecute for example, or adding an action to your very own sfActions class and call it wherever it is needed -best way though for me). I have "finished" (it does what I want, but not exactly the way I want), but I can't release the code as it is part of a project at work. Need to talk to my n+1 about this. Sorry. Anyway I can give you advices on how to do this. Create a Doctrine_Template (name it as you want)(look at doctrine doc for how to do) A Doctrine_Template gives you opportunity to add a listener (thus I don't know if a behavior is the thing to use or a simple listener...anyway...). In this listener you'll code the postInsert method to create a sfGuardPermission named like like %s/%d/%s for $objectClass/$objectId/$objectAction (you can put this as a behavior property, see schema above). Don't forget do delete permission on postDelete. You'll need a (static ?) method to compute the name of the permission for an object action (used in action to check for credential, the permission name is needed). Then add the check code in your action. The best thing I came off is about creating a sfDoctrineModule theme which will have intelligence about all of this (seeing object action as a subclass of module action, conceptually speaking). Schema example (I think there is a propel behavior permissionable also, you could take a look at it) myClass: actAs: Permissionable: permission_pattern: %s/%d/%s actions: edit: ~ #this will create a sfGuardPermission named myClass/$id/edit, you'll be able to manage it in the sfGuard* modules. ... Cheers, Before Printing, Think about Your Environmental Responsibility! Avant d'Imprimer, Pensez à Votre Responsabilitée Environnementale! On Wed, Apr 7, 2010 at 1:27 PM, Tofuwarrior <psbur...@googlemail.com> wrote: > Hi, > > I have only just got down to looking this, have you had any progress? > > I have written permissions systems fine in the past but not sure of > the best way of doing the checking in symfony and making best use of > sfGuard or something. > > I've done full object, action, group, user permissions in the past, > but it seems like symfony should do a lot of this stuff for us. > > Cheers, > > Paul > > On Feb 16, 3:07 pm, Stéphane <stephane.er...@gmail.com> wrote: > > Hi, > > > > http://pastebin.com/m1508fa42 > > > > This is "by-object" basis without taking care of "inheritance" (thus > > inferencing isn't coded). > > If you do so, I would really enjoy seeing the code ;-) > > > > Cheers, > > > > Before Printing, Think about Your Environmental Responsibility! > > Avant d'Imprimer, Pensez à Votre Responsabilitée Environnementale! > > > > On Mon, Feb 15, 2010 at 5:32 PM, Tofuwarrior <psbur...@googlemail.com > >wrote: > > > > > Hi all, > > > > > I am pretty new to symfony and would be grateful for anyones advice. > > > I'm trying to work out how to implement an object ownership > > > permissions system. > > > > > sfGuard seems to do everything except allow me to assign permissions > > > per object. > > > > > ie: joe bloggs can edit documents, 1,2 & 4 but (by infererence) not 3 > > > and 5. > > > > > Is this kind of thing possible or do I need to code my own permissions > > > system. Seems like something people would want, am I thinking the > > > wrong way about this? > > > > > Thanks, > > > > > Paul > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "symfony users" group. > > > To post to this group, send email to symfony-us...@googlegroups.com. > > > To unsubscribe from this group, send email to > > > symfony-users+unsubscr...@googlegroups.com<symfony-users%2bunsubscr...@googlegroups.com> > <symfony-users%2bunsubscr...@googlegroups.com<symfony-users%252bunsubscr...@googlegroups.com> > > > > > . > > > For more options, visit this group at > > >http://groups.google.com/group/symfony-users?hl=en. > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony users" group. > To post to this group, send email to symfony-users@googlegroups.com > To unsubscribe from this group, send email to > symfony-users+unsubscr...@googlegroups.com<symfony-users%2bunsubscr...@googlegroups.com> > For more options, visit this group at > http://groups.google.com/group/symfony-users?hl=en > > To unsubscribe, reply using "remove me" as the subject. > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en