Anonymous can see protected area - symfony

I am developing an app in Silex with the Symfony Security component. Anonymous users should be able to access every part of the app except the admin section (^/admin).
What am I doing wrong? Anonymous users can still access the admin section. I have followed some other answers on SO to get to this point, but now I am stuck.
$app['security.firewalls'] = array(
    'general' => array(
        'pattern' => '^/',
        'anonymous' => true,
        'form' => array(
            'login_path' => '/login',
            'check_path' => '/admin/login_check',
            'default_target_path' => '/admin',
            'always_use_default_target_path' => true,
        ),
        'logout' => array(
            'logout_path' => '/admin/logout',
            'target_url' => '/',
        ),
        // UserProvider is the poster's own user provider class (not shown here).
        'users' => $app->share(function () use ($app) {
            return new UserProvider($app['db']);
        }),
    ),
);
// #todo - find out why anonymous can see admin panel
$app['security.access_control'] = array(
    array('path' => '^/login', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'),
    array('path' => '^/admin', 'role' => 'ROLE_USER'),
);
$app['security.role_hierarchy'] = array(
    'ROLE_ADMIN' => array('ROLE_USER'),
);

Look at the docs:
http://symfony.com/doc/current/book/security.html#basic-example-http-authentication
'access_control' => array(
    array('path' => '^/admin/', 'role' => 'ROLE_ADMIN'),
    // Include the following line to also secure the /admin path itself
    // array('path' => '^/admin$', 'role' => 'ROLE_ADMIN'),
),
It's either ^/admin/ or ^/admin$, not ^/admin.

I have changed security.access_control (which seemed to be ignored) to security.access_rules (which previously threw an error about "access_rules" being an unknown property), and now it seems to work:
$app['security.access_rules'] = array(
    array('^/admin', 'ROLE_USER'),
);

Related

New fields aren't created after updating a custom module. DRUPAL 7

I have a custom module on my site. I try to install an update with a new field for my vocabulary, but the field doesn't appear.
hook_update:
function mymodule_update_7118() {
  $field_name = 'field_newfield';
  // Nothing to do if the field already exists (keeps the update re-runnable).
  if (field_info_field($field_name)) {
    return;
  }
  $field = array(
    'field_name' => $field_name,
    'type' => 'list_integer',
    'settings' => array(
      'allowed_values' => array(
        'Yes' => 1, // heard that adding a NO value may cause problems, although it doesn't work with a no value either.
      ),
    ),
  );
  $field = field_create_field($field);
  $instance = array(
    'field_name' => $field['field_name'],
    'entity_type' => 'taxonomy',
    'bundle' => 'vocab_name',
    'label' => 'Label',
    'widget' => array(
      'active' => 1,
      'module' => 'options',
      'settings' => array(),
      'type' => 'options_select',
      'weight' => '3',
    ),
  );
  field_create_instance($instance);
}
The logs contain several records of the Internationalization module creating a string to translate this field. Also, all the needed tables are created in the database, but they are all empty.
To create a new custom field, you must do it as a custom module. The steps can be found at https://drupal.stackexchange.com/questions/140517/how-to-create-new-field-type
You can find the excellent field_example module in the Examples module, which is always the first place to look. The Examples module can be downloaded from https://www.drupal.org/project/examples

cakephp authenticate basic only valid users

I am using Auth with the Basic authenticate method.
Is there a way to check whether the user has active = 1?
I would like to check that for both the Form and the Basic method.
The Basic method is used when a user logs in from an iPhone app, sending the username and password via an HTTP header.
public $components = array('Session', 'RequestHandler', 'Auth' => array(
    'loginAction' => array(
        'controller' => 'api',
        'action' => 'login',
    ),
    'authenticate' => array(
        'Basic' => array(
            'userModel' => 'Appuser',
            'fields' => array(
                'username' => 'name',
            ),
        ),
        'Form' => array(
            'userModel' => 'Appuser',
            'fields' => array(
                'username' => 'name',
            ),
        ),
    ),
));
Use the scope setting of the AuthComponent and set it using the ALL constant:
public $components = array(
    'Auth' => array(
        'loginAction' => array(
            'controller' => 'api',
            'action' => 'login',
        ),
        'authenticate' => array(
            AuthComponent::ALL => array( // Use this to apply common settings
                'userModel' => 'Appuser',
                'fields' => array(
                    'username' => 'name',
                ),
                'scope' => array(
                    'Appuser.active' => 1, // This is the check you need
                ),
            ),
            'Basic',
            'Form',
        ),
    ),
);
For more info, refer to this section in the book.

Accessing app.user in unsecured area, silex

I have this configuration for the firewall:
$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'admin' => array(
        'pattern' => '^/admin',
        'form' => array(
            'login_path' => '/#login',
            'check_path' => '/admin/login_check',
        ),
        'logout' => array(
            'logout_path' => '/admin/logout',
        ),
    ),
    'unsecured' => array(
        'anonymous' => true,
        'pattern' => '^.*$',
    ),
));
and also this for security.rules:
$app['security.access_rules'] = array(
    array('^/admin', 'ROLE_ADMIN'),
    array('.*', 'IS_AUTHENTICATED_ANONYMOUSLY'),
);
I saw this answer: Silex/Symfony Security Firewall Access user token outside the secured area
But the problem is that I cannot access app.user on the "/" page, and is_granted (in Twig) always returns false for any input.
I don't know whether the ACL mentioned in that answer is something else (other than the access_rules) or whether I am doing something wrong.
I believe a user (token) is only accessible within the firewall that logged it in. So as long as you are within /admin part of your site you would have access to the app.user, but not within the "unsecured" firewall.
To have the behaviour you are looking for, you need to have one overall/sitewide firewall with the pattern of ^/ and then use access rules to restrict access to /admin.
$app->register(new Silex\Provider\SecurityServiceProvider(), array(
    'main' => array(
        'pattern' => '^/',
        'anonymous' => true,
        'form' => array(
            'login_path' => '/#login',
            'check_path' => '/admin/login_check',
        ),
        'logout' => array(
            'logout_path' => '/admin/logout',
        ),
    ),
));
$app['security.access_rules'] = array(
    array('^/admin', 'ROLE_ADMIN'),
    array('^/', 'IS_AUTHENTICATED_ANONYMOUSLY'),
);
So a brand new user to your site would be immediately authenticated anonymously, until they login with a role that allows them to access /admin.
It's also worth noting that if you were to have your login form within the admin area, as something like /admin/login, then you would need to add an anonymous access rule for the login URL.
Hope this helps!
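The first-match semantics behind the rule ordering in this answer, and the pattern-anchoring point made in the answer to the original question, can be seen with a small stand-alone PHP script. This is an added example written for this page, not code from Silex or Symfony; `required_role` and the rule arrays are illustrative names, and the matching mirrors Symfony's RequestMatcher (`preg_match('{'.$pattern.'}', ...)`) and AccessMap (first matching rule wins).

```php
<?php
// Added example (not from the original posts): a minimal re-implementation of
// how Symfony's AccessMap (what Silex's security.access_rules feeds) picks the
// rule for a request, to show why rule ORDER and pattern anchoring matter.

/**
 * Return the role required for $path under $rules, or null when no rule
 * matches (Symfony then imposes no extra constraint on that request).
 * $rules is a list of [regex pattern, role] pairs, as in security.access_rules.
 */
function required_role(array $rules, string $path): ?string
{
    foreach ($rules as [$pattern, $role]) {
        // RequestMatcher wraps the pattern in {} delimiters and matches the
        // decoded path info, so '^/admin' matches '/admin' and '/admin/...'.
        if (preg_match('{' . $pattern . '}', rawurldecode($path)) === 1) {
            return $role; // first match wins; later rules are never consulted
        }
    }
    return null;
}

// Rules in the order the answer above gives them: the specific rule first.
$good = [
    ['^/admin', 'ROLE_ADMIN'],
    ['^/',      'IS_AUTHENTICATED_ANONYMOUSLY'],
];
// The same rules reversed: the catch-all '^/' matches every path first, so
// the ROLE_ADMIN rule is never reached and anonymous users get into /admin.
$bad = array_reverse($good);

foreach (['/', '/admin', '/admin/users', '/administrator'] as $path) {
    printf("%-15s ordered: %-30s reversed: %s\n", $path,
        required_role($good, $path) ?? 'no rule',
        required_role($bad, $path) ?? 'no rule');
}
// Anchoring: '^/admin' also covers '/administrator' (probably intended), while
// '^/admin/' would leave both '/admin' itself and '/administrator' uncovered,
// which is what the '^/admin$' line in the Symfony docs excerpt is about.
```

With the reversed order every path reports IS_AUTHENTICATED_ANONYMOUSLY, which is exactly the "anonymous can see the admin panel" symptom from the original question.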

set default value for custom field type: list_boolean / options_onoff

$instance = array(
    'field_name' => $field_name,
    'entity_type' => $entity,
    'bundle' => $bundle,
    'field types' => 'list_boolean',
    'widget' => array(
        'type' => 'options_onoff',
        'settings' => array('display_label' => 1),
    ),
    'default_value' => array(array('value' => 1)),
);
This is not taken, and I have to save it twice in the admin content type field/edit
until it takes it ...
I have now exported the finished field with the Features module
and took the generated code; suddenly it works, with default_value.
I guess I was missing the property module on the field; also, field types is nonexistent ..
In your field definition, you have to set allowed_values in the settings array in order for the default_value in the instance to get picked up.
So, like this, assuming you are doing this in a module:
$fields[] = array(
    // $field_name must not be quoted: single-quoted '$field_name' is the literal string, not the variable.
    'field_name' => $field_name,
    'type' => 'list_boolean',
    'settings' => array(
        'allowed_values' => drupal_map_assoc(range(0, 1)),
    ),
);
Instead of using 'default_value', I got it to work by using 'default_value_function' and creating a function that returns array(array('value' => 1)).

Correct way to use Drupal 7 Entities and Field API

I'm trying to use Drupal 7's entities and field API to correctly build a new module. What I have been unable to understand from the documentation is the correct way to use the new API to create a 'content type' (not a node type) with a number of set fields, such as Body.
I'm trying to set up the entity using hook_entity_info, then I believe I need to add the body field using field_create_instance, but I can't seem to get it to work.
In mycontenttype.module:
/**
 * Implements hook_entity_info().
 */
function mycontenttype_entity_info() {
  $return = array(
    'mycontenttype' => array(
      'label' => t('My Content Type'),
      'controller class' => 'MyContentTypeEntityController',
      'base table' => 'content_type',
      'uri callback' => 'content_type_uri',
      'entity keys' => array(
        'id' => 'cid',
        'label' => 'title',
      ),
      'bundles' => array(
        'mycontenttype' => array(
          'label' => 'My Content Type',
          'admin' => array(
            'path' => 'admin/contenttype',
            'access arguments' => array('administer contenttype'),
          ),
        ),
      ),
      'fieldable' => TRUE,
    ),
  );
  return $return;
}
/**
 * Implements hook_field_extra_fields().
 */
function mycontenttype_field_extra_fields() {
  $return['mycontenttype']['mycontenttype'] = array(
    'form' => array(
      'body' => array(
        'label' => 'Body',
        'description' => t('Body content'),
        'weight' => 0,
      ),
    ),
  );
  return $return;
}
Then does this go in the .install file?
function mycontenttype_install() {
  $field = array(
    'field_name' => 'body',
    'type' => 'text_with_summary',
    'entity_types' => array('survey'),
    'translatable' => TRUE,
  );
  field_create_field($field);
  $instance = array(
    'entity_type' => 'mycontenttype',
    'field_name' => 'body',
    'bundle' => 'mycontenttype',
    'label' => 'Body',
    'widget_type' => 'text_textarea_with_summary',
    'settings' => array('display_summary' => TRUE),
    'display' => array(
      'default' => array(
        'label' => 'hidden',
        'type' => 'text_default',
      ),
      'teaser' => array(
        'label' => 'hidden',
        'type' => 'text_summary_or_trimmed',
      ),
    ),
  );
  field_create_instance($instance);
}
I think your problem is that if the node module is installed, there is already a field named 'body'. You should either rename your field to something like 'mycontenttype_body' (comment.module uses comment_body), or reuse the 'body' field, skip the adding-the-field part, and go straight to adding the instance of it. The former is recommended over the latter.
Every field has an array property, entity_types, which limits the entities to which the field can be attached.
The best Drupal solution I can find, hook_field_create_field, can alter fields as they are created, but that's no good for the body field which is created on installation.
So my solution is just to edit the database directly in my hook_install:
$data_col = db_query("SELECT data FROM {field_config} WHERE field_name = 'body'")->fetchAssoc();
$data = unserialize($data_col['data']);
$data['entity_types'][] = 'MY_ENTITY_TYPE';
db_update('field_config')
  // The data column takes the serialized string directly, not a nested array.
  ->fields(array('data' => serialize($data)))
  ->condition('field_name', 'body')
  ->execute();
// The Field API caches field definitions; clear it so the new entity type is seen.
field_cache_clear();
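Reusing the existing 'body' field, as the earlier answer suggests, can be done through the Field API instead of editing field_config by hand. This is an added example written for this page, not code from Drupal core or any project; the function name is hypothetical, while field_info_field(), field_info_instance(), field_create_field(), field_update_field() and field_create_instance() are the Drupal 7 Field API functions it relies on, so it only runs inside a Drupal 7 bootstrap.

```php
<?php
/**
 * Added example (not from the original posts): an idempotent install step that
 * attaches the shared 'body' field to a custom entity type. Hypothetical name.
 */
function mycontenttype_install_body_field() {
  $entity_type = 'mycontenttype';
  $bundle      = 'mycontenttype';

  $field = field_info_field('body');
  if (!$field) {
    // node module is absent, so the field does not exist yet: create it,
    // restricted to this entity type.
    $field = field_create_field(array(
      'field_name'   => 'body',
      'type'         => 'text_with_summary',
      'entity_types' => array($entity_type),
    ));
  }
  elseif (!empty($field['entity_types']) && !in_array($entity_type, $field['entity_types'])) {
    // The field exists but is limited to other entity types (node module sets
    // entity_types to array('node')), which makes field_create_instance()
    // throw. Extending the list through field_update_field() replaces the
    // direct db_update() on field_config shown above.
    $field['entity_types'][] = $entity_type;
    field_update_field($field);
  }

  // Attach the instance only once, so re-running install/update does not fail.
  if (!field_info_instance($entity_type, 'body', $bundle)) {
    field_create_instance(array(
      'field_name'  => 'body',
      'entity_type' => $entity_type,
      'bundle'      => $bundle,
      'label'       => 'Body',
      // D7 expects 'widget' => array('type' => ...), not a 'widget_type' key.
      'widget'      => array('type' => 'text_textarea_with_summary'),
      'settings'    => array('display_summary' => TRUE),
      'display'     => array(
        'default' => array('label' => 'hidden', 'type' => 'text_default'),
        'teaser'  => array('label' => 'hidden', 'type' => 'text_summary_or_trimmed'),
      ),
    ));
  }
}
```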
Just started down the same path; here is a video from fago.
Here's a nice repo to start: Lawmakers entity