I use symfony sfDoctrineGuardPlugin to manage authentication for both frontend users and backend users. It's fine, except that I don't want frontend users to be able to log in to the backend app. I can set up credentials, but credentials are checked after a user gets authenticated. What I want is for the sign-in form to never validate for a user who is not in a backend group. How can I do this?
Answer 1:
I think I found a better solution. sfDoctrineGuard plugin has its own post validator that checks for an optional callable for user retrieval.
# app.yml
all:
  sf_guard_plugin:
    retrieve_by_username_callable: sfGuardUser::getForBackend

// sfGuardUser.class.php
public static function getForBackend($username)
{
  // Match on username or e-mail, but only return an active user
  // that holds the 'backend' permission through one of its groups.
  $query = Doctrine::getTable('sfGuardUser')->createQuery('u')
    ->leftJoin('u.Groups g')
    ->leftJoin('g.Permissions p')
    ->where('u.username = ? OR u.email_address = ?', array($username, $username))
    ->addWhere('u.is_active = ?', true)
    ->addWhere('p.name = ?', 'backend');

  // fetchOne() returns no record when nothing matches, so the sign-in form fails validation.
  return $query->fetchOne();
}
Answer 2:
Here's one idea: You could try creating a custom post-validator for the login form. Here's a Google result:
http://www.symfony-project.org/blog/2008/09/05/call-the-expert-how-to-implement-a-conditional-validator
In this validator, you could check whether the user belongs to the group in question and then throw an error accordingly. The user would not get authenticated.
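A sketch of the post-validator approach described in this answer, added here as an example; it is not code from the thread or from sfDoctrineGuardPlugin. The class names `BackendSigninValidator` and `BackendSigninForm` are hypothetical, the `backend` permission name is borrowed from Answer 1, and the code assumes the plugin's `sfGuardValidatorUser` returns the authenticated record under the `user` key.

```php
<?php
// Added example. BackendSigninValidator and BackendSigninForm are hypothetical names.
class BackendSigninValidator extends sfGuardValidatorUser
{
  public function configure($options = array(), $messages = array())
  {
    parent::configure($options, $messages);
    // Permission a user must hold to sign in to this app ('backend' as in Answer 1).
    $this->addOption('required_permission', 'backend');
  }

  protected function doClean($values)
  {
    // The parent checks username, password and is_active. It throws on failure;
    // on success it is assumed to return the values plus the record under 'user'.
    $values = parent::doClean($values);

    if ($values['user']->hasPermission($this->getOption('required_permission')))
    {
      return $values;
    }

    // Reuse the parent's 'invalid' message so a frontend-only account gets the
    // same response as a wrong password: the form does not reveal that the
    // credentials were correct or that the account exists.
    if ($this->getOption('throw_global_error'))
    {
      throw new sfValidatorError($this, 'invalid');
    }

    throw new sfValidatorErrorSchema($this, array(
      $this->getOption('username_field') => new sfValidatorError($this, 'invalid'),
    ));
  }
}

// Sign-in form for the backend app only; the frontend keeps the stock form.
class BackendSigninForm extends sfGuardFormSignin
{
  public function configure()
  {
    parent::configure();
    $this->validatorSchema->setPostValidator(new BackendSigninValidator());
  }
}
```

Because the check runs inside form validation, a rejected user is never signed in, so no authenticated backend session is created for a frontend-only account.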
Answer 3:
I think you just have to add:
  # give the backend app its own session cookie name
  storage:
    class: sfSessionStorage
    param:
      session_name: sf_backend
at the end of your backend/config/factories.yml
By default, symfony shares session cookies; with this solution, symfony separates these cookies.