Fantasy: Your client has an incredibly simple, intuitive, and cohesive ACL schema in mind. Permission and group names make sense, never change, and current users perpetually encounter properly restricted behavior. While we’re at it, you’re also able to code one-handed while scuba-diving the Caymans.
The Cold Hard Truth: Permission names are inconsistent, Groups are changed and reassigned, and your poor users are left dangling somewhere between “Why can I see the administrator’s Social Security Number?” and “The ‘Donate Large Sums of Money’ page is giving me permission denied!”
I created a simple solution to this problem with a few new symfony tasks now available via csSecurityTaskExtraPlugin. In a nutshell, the plugin allows you to more easily visualize the security coverage of your application. Here are some examples:
$ ./symfony app:security frontend

The app:route-security task compares your security.yml files to all the routes in your application.
$ ./symfony app:route-security frontend
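
The comparison behind a route-versus-security.yml audit can be worked through by hand. The following is an added example, not code from csSecurityTaskExtraPlugin: it resolves the effective policy for each routed action and flags security.yml entries that no route reaches. It assumes symfony 1.x precedence (action entry over module `all` over app `default`), and every route, module and credential name is constructed.

```python
# Added illustration, not plugin code. Constructed data shaped like parsed security.yml files.
APP_SECURITY = {"default": {"is_secure": False}}  # apps/frontend/config/security.yml
MODULE_SECURITY = {  # apps/frontend/modules/<module>/config/security.yml
    "article": {
        "all": {"is_secure": True, "credentials": ["author"]},
        "index": {"is_secure": False},
        "purge": {"credentials": ["admin"]},  # no route points here
    },
    "donate": {"submit": {"is_secure": True}},
}
# (route name, module, action), as a routing dump would list them (constructed)
ROUTES = [
    ("homepage", "home", "index"),
    ("article_list", "article", "index"),
    ("article_edit", "article", "Edit"),
    ("donate_form", "donate", "new"),
    ("donate_submit", "donate", "submit"),
]

def resolve(module, action):
    """Assumed precedence: app 'default' < module 'all' < action entry, per key."""
    rules = MODULE_SECURITY.get(module, {})
    policy = dict(APP_SECURITY.get("default", {}))
    policy.update(rules.get("all", {}))
    policy.update(rules.get(action.lower(), {}))  # action keys are lowercase
    return policy

def audit(routes):
    """Return (coverage rows, security.yml entries that match no route)."""
    rows, routed = [], set()
    for name, module, action in routes:
        policy = resolve(module, action)
        routed.add((module, action.lower()))
        if not policy.get("is_secure", False):
            status = "OPEN"  # credentials are irrelevant when the action is not secure
        elif policy.get("credentials"):
            status = "CREDENTIALS " + repr(policy["credentials"])
        else:
            status = "LOGIN ONLY"
        rows.append((name, module + "/" + action, status))
    stale = sorted((m, a) for m, rules in MODULE_SECURITY.items()
                   for a in rules if a != "all" and (m, a) not in routed)
    return rows, stale

if __name__ == "__main__":
    rows, stale = audit(ROUTES)
    print(*rows, sep="\n")
    print("rules without a route:", stale)
```

In the sample data the donation form resolves to OPEN while its submit action requires login, the kind of mismatch a coverage listing makes visible.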

You can also list who has access to which actions specified in security.yml with the group-security task.
$ ./symfony app:group-security frontend

Pass the name of an sfGuardGroup object as the second argument to narrow down your output.
$ ./symfony app:group-security frontend author

List users who have access with the user-security task.
$ ./symfony app:user-security frontend

Pass the username or id of an sfGuardUser object as the second argument to narrow down your output.
$ ./symfony app:user-security frontend andyadministrator
or
$ ./symfony app:user-security frontend 3

It’s fairly basic right now. The product of a few hours’ work and a desire to get something new out into the community. What other enhancements would you like to see to give you more/better control of your site’s security coverage?

