symfony
yalex1442, 2015-11-10 19:32:59

Symfony2 access rights to site functionality. What mechanisms to use?

Good evening, Toaster!
For example, you need to implement a captcha check for a regular user, but not for an admin, etc.
What is the best way to implement the captcha check logic: write it directly in the controller, or move the check somewhere outside? Where, and how is it commonly done?
I implemented the captcha as a service. How do I indicate when the captcha service needs / does not need to be used?
UPD: I managed to find a way in SF2 to create a field in a form type that is not attached to an entity,
i.e. it is possible to check this field without using the entity's received data

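    // namespace AppBundle\Form\Type;
    // src: ...types/type.php
    use EWZ\Bundle\RecaptchaBundle\Validator\Constraints\IsTrue as RecaptchaTrue;
    use Symfony\Component\Form\FormBuilderInterface;

    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder->add('name')->add('Поиск', 'submit');
        if (1) { // placeholder: the condition is meant to come from $options
            // Unmapped field: validated on submit, not written to the entity
            $builder->add('recaptcha', 'ewz_recaptcha', array(
                'mapped'      => false,
                'constraints' => array(
                    new RecaptchaTrue()
                )
            ));
        }
    }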

Recaptcha Bundle https://github.com/excelwebzone/EWZRecaptchaBundle


3 answer(s)
Andrey Kulikovsky, 2015-11-10
@yalex1442

Checking the validity of the captcha value in the controller is a normal practice.
If standard forms are used, then in FormType you can pass an option like "show_capcha" and in buildForm(), based on the value of "show_capcha", show the captcha field or not.

Sergey, 2015-11-10
Protko @Fesor

Well, decide that in the place where you output it. As for where to check... wherever it is convenient. Symfony has built-in checks à la isGranted

GrizliK1988, 2015-11-12
@GrizliK1988

You can also do something like this:
1. Add a factory that will return one of 2 forms (with or without captcha), and the form with captcha will be inherited from the form without captcha.
2. This factory will already decide what to give to the user either based on security.authorization_checker->isGranted (which will require the creation of Voter), or based on the bundle configuration.
Thus, the controller will not contain logic that is unnecessary for it (the 5-10-20 rule, symfony.com/doc/current/best_practices/controllers...)
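
An added example (not code from this thread or from EWZRecaptchaBundle) of the factory described in this answer, using the form option from the first answer in place of two inherited form classes. SearchType, SearchFormFactory, the show_captcha option and ROLE_ADMIN are assumed names, and the constraint import assumes a bundle release that ships IsTrue.

```php
<?php
// Added example: SearchType, SearchFormFactory, show_captcha and ROLE_ADMIN are assumed names.
namespace AppBundle\Form;

use EWZ\Bundle\RecaptchaBundle\Validator\Constraints\IsTrue as RecaptchaTrue;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

class SearchType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder->add('name')->add('search', 'submit');
        if ($options['show_captcha']) {
            // Unmapped field: validated on submit, never written to the entity.
            $builder->add('recaptcha', 'ewz_recaptcha', array(
                'mapped' => false, 'constraints' => array(new RecaptchaTrue()),
            ));
        }
    }

    public function configureOptions(OptionsResolver $resolver)
    {
        // Fail closed: a caller that forgets the option still gets the captcha.
        $resolver->setDefaults(array('show_captcha' => true));
        $resolver->setAllowedTypes('show_captcha', 'bool');
    }

    public function getName() { return 'search'; }
}

class SearchFormFactory
{
    private $forms;
    private $auth;
    public function __construct(FormFactoryInterface $forms, AuthorizationCheckerInterface $auth)
    {
        $this->forms = $forms;
        $this->auth  = $auth;
    }

    // Use for both the GET that renders and the POST that validates: the role check decides, not request data.
    public function create($data = null)
    {
        return $this->forms->create(new SearchType(), $data, array('show_captcha' => !$this->auth->isGranted('ROLE_ADMIN')));
    }
}
```

isGranted() throws when the request has no security token, so the form's route has to sit behind a firewall; anonymous access is enough.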
