Symfony sfGuard – Setting up users, groups, permissions

sfGuard is a Symfony plugin that implements a user management and login system for an application. It supports both groups and individual users… and it saves you from having to ‘roll your own’ user administration system. This guide assumes you have followed the steps given in the readme and that you now want to begin setting up users/permissions etc.

1. Create links in the backend menu to the user/group/permissions tables.

Edit apps/backend/templates/layout.php and add these items to the menu.

<li><?php echo link_to('Users', '@sf_guard_user') ?></li>
<li><?php echo link_to('Groups', '@sf_guard_group') ?></li>
<li><?php echo link_to('Permissions', '@sf_guard_permission') ?></li>

2. Create a login/logout link on the frontend.

Edit apps/frontend/templates/layout.php and add these items to the menu. (Notice the use of $sf_user in the templates.)

<?php if($sf_user->isAuthenticated()): ?>
   <ul><li><?php echo link_to('Logout', '/logout') ?></li></ul>
<?php else: ?>
   <ul><li><?php echo link_to('Login', '/login') ?></li></ul>
<?php endif; ?>

3. Create some users, groups, permissions

Use the backend to create some for us to play with: user->basicUser, group->basicGroup, permission->basicPermission. I will be using a basic setup where users always belong to a group and the group has permissions. I will not be assigning permissions to individual users. Therefore give basicGroup the basicPermission, and you will have something similar to this:

[Image: sfGuard user]

4. Restricting access to certain modules/actions

Just as I never set individual permissions for one user, I make it standard that I only ever set permissions using credentials, i.e. in the application I never restrict access based on user or group id, only on permissions/credentials. This allows greater flexibility in the future. Note that sfGuard gets confusing to some people because many documents talk about credentials; basically, credentials are what sfGuard calls permissions.

If we have a module called “question”, we create a config folder inside apps/frontend/modules/question and a new security.yml in it. Inside apps/frontend/modules/question/config/security.yml we would have:

all:
    is_secure: on
    credentials: basicPermission

To set permissions on an action level we would have something similar to the following:

all:
    is_secure: on
    credentials: basicPermission
 
index:
    is_secure: off
 
new:
    is_secure: on
    credentials: basicPermission
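
An added example (not from the original post and not sfGuard code) that resolves which actions the action-level file above actually protects. It assumes symfony 1.x's lookup order: a setting is read from the action's own entry, then from all, and an action with no is_secure is not secured. The action names in ACTIONS are hypothetical.

```python
# Added example: models symfony 1.x's per-key lookup for a module's
# security.yml (the action's entry first, then "all", else not secure).
TRUE_WORDS = {"on", "true", "yes"}
# The action-level file from this page.
QUESTION_SECURITY_YML = """
all:
    is_secure: on
    credentials: basicPermission
index:
    is_secure: off
new:
    is_secure: on
    credentials: basicPermission
"""
# Hypothetical action names for the "question" module (constructed).
ACTIONS = ["index", "show", "new", "create", "edit", "delete"]

def parse_security_yml(text):
    """Parse the two-level key/value subset of YAML used above."""
    config, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not line[0].isspace():      # top level: an action name or "all"
            section = config.setdefault(key.strip().lower(), {})
        elif section is not None:      # indented: a setting of that entry
            section[key.strip()] = value.strip()
    return config

def lookup(config, action, name, default=None):
    """Read a setting from the action's entry, falling back to "all"."""
    for scope in (action.lower(), "all"):
        if name in config.get(scope, {}):
            return config[scope][name]
    return default

def effective(config, action):
    """Resolve what actually guards one action."""
    secure = lookup(config, action, "is_secure", "off").lower() in TRUE_WORDS
    creds = lookup(config, action, "credentials") if secure else None
    return {"secure": secure, "credentials": creds}

def audit(config, actions):
    """List the actions reachable without logging in."""
    return sorted(a for a in actions if not effective(config, a)["secure"])

if __name__ == "__main__":
    cfg = parse_security_yml(QUESTION_SECURITY_YML)
    print({a: effective(cfg, a) for a in ACTIONS}, audit(cfg, ACTIONS))
```

Under the same assumption, an entry that sets credentials but never resolves is_secure to on is left public, which is the case audit is meant to catch.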

Part 2 will detail setting up user registration.

Past Websites I Worked On

Some of the sites I have worked on are shown below:


MyLanguagePal.com – Online Language Swap

As part of a university project we created a website for users to exchange language skills, e.g. a French person practises their English skills with an English person and vice versa. A number of new tools/challenges were faced. It was interesting to learn a PHP framework (symfony) that gave MVC separation. Working as a group meant my first real use of SVN. At last count the site had 267 registered users, WOOhoo!


Hong Kong – Student Affairs Office

While on IAESTE placement in Hong Kong for 3 months, one of my tasks was a design overhaul of the student affairs office website and to use a CMS, as the secretaries couldn’t edit HTML.


BBWI.net – small ISP

They requested a small “homely” design for their residential ISP. In the end they went with a more corporate professional design.


bKnowledgeable.com – Internet Startup

A website for those who seek knowledge. I never really understood the idea, but they knew the kind of design they wanted. Very little design work involved, was just a case of creating the HTML/CSS.


EnglishTalkOnline.com – University Project

As part of an entrepreneurial project we required a quick website to offer language tutoring. Let's just say we never made it rich.


ALTA – Adaptive Learning, Teaching and Assessment

I worked at ALTA professionally for a year. They had an entirely custom written piece of software that they saw as the future of testing children. It had some very interesting ideas, test questions vary slightly to prevent cheating, tests adapt to how well a pupil is doing etc. I got a lot of experience of MS-SQL and ASP programming, including bug finding. The picture shown here is the “messaging” system I created to allow teachers to message pup