How to unsecure admin generated modules in Symfony

You gotta love the admin generator… There’s only one problem: it’s secured by default (according to the symfony site).
But I want to use these modules in a non-secured environment.
Adding credentials: [] in the admin generator does not work… Why?
Look at your generated automoduleactions class. You'll find a preExecute function:
  public function preExecute()
  {
    $this->configuration = new eventGeneratorConfiguration();

    if (!$this->getUser()->hasCredential($this->configuration->getCredentials($this->getActionName())))
    {
      $this->forward(sfConfig::get('sf_secure_module'), sfConfig::get('sf_secure_action'));
    }

    $this->dispatcher->notify(new sfEvent($this, 'admin.pre_execute', array('configuration' => $this->configuration)));

    $this->helper = new eventGeneratorHelper();
  }
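This code is always executed before any action. The line that matters is the credential check:
    if (!$this->getUser()->hasCredential($this->configuration->getCredentials($this->getActionName())))
It passes the result of the getCredentials function to hasCredential. The getCredentials function: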
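  public function getCredentials($action)
  {
    // Action names such as _list or _delete carry a leading underscore; strip it before the lookup.
    if (0 === strpos($action, '_'))
    {
      $action = substr($action, 1);
    }

    // No credentials configured for this action: fall back to an empty array.
    return isset($this->configuration['credentials'][$action]) ? $this->configuration['credentials'][$action] : array();
  }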
The problem is that hasCredential(array()) returns false.
My solution: override the hasCredential function in myUser:
  public function hasCredential($credential, $useAnd = true)
  {
    // For use in the generator: + as the credential makes hasCredential return true
    // (even if the user has no credentials at all).
    // The override lives in myUser, so it applies to every hasCredential() call in the
    // application, not only to the generated modules.
    if ($credential === true) return true;
    // Alternatively, you could check for an empty array of credentials, which is what the generator returns.
    return parent::hasCredential($credential, $useAnd);
  }
Now to make it work, put this in generator.yml:
config:
  actions:
    _delete: { credentials: admin }
    _list:   { credentials: + }
    index:   { credentials: + }
#    _new:    { credentials: + }
#    _edit:   { credentials: + }
PS: You could also use false and -
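
To see which actions the override opens up and for whom, the preExecute check can be replayed outside symfony. This is an added example, not code from the original post or from symfony: StubUser is a simplified stand-in for the framework's base user class (its empty-array result follows the post's description), and $configured is a constructed array of the generator.yml values after parsing, assuming + loads as boolean true and keys are stored without the leading underscore.

```php
<?php
// StubUser: simplified stand-in for symfony's base user class, NOT its real code.
class StubUser
{
    private $held;

    public function __construct(array $held) { $this->held = $held; }

    public function hasCredential($credential, $useAnd = true)
    {
        if (!is_array($credential)) {
            return in_array($credential, $this->held, true);
        }
        if (!$credential) {
            return false; // empty list rejected, as the post reports
        }
        foreach ($credential as $c) { // AND mode only in this stub
            if (!in_array($c, $this->held, true)) return false;
        }
        return true;
    }
}

class myUser extends StubUser // the override from the post
{
    public function hasCredential($credential, $useAnd = true)
    {
        if ($credential === true) return true;
        return parent::hasCredential($credential, $useAnd);
    }
}

function getCredentials(array $configured, $action) // same lookup as in the post
{
    if (0 === strpos($action, '_')) $action = substr($action, 1);
    return isset($configured[$action]) ? $configured[$action] : array();
}

// Constructed sample: the post's generator.yml after parsing, "+" assumed to load as true,
// keys assumed to be stored without the leading underscore.
$configured = array('delete' => 'admin', 'list' => true, 'index' => true);
$users = array('anonymous' => new myUser(array()), 'admin' => new myUser(array('admin')));

foreach (array('index', '_list', '_new', '_edit', '_delete') as $action) {
    $required = getCredentials($configured, $action);
    foreach ($users as $name => $user) {
        $verdict = $user->hasCredential($required) ? 'allowed' : 'forwarded to secure module';
        printf("%-8s %-10s %s\n", $action, $name, $verdict);
    }
}
```

In the output, index and _list are allowed for the user holding no credentials, while _delete passes only for the user holding admin.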
