I made a custom Document Manager for my project implementing some new low level functions (following this post).
Now I would like to inject a custom configuration in my new Document Manager (I suppose it would be the same with an Entity Manager). I have no idea of how to do this...
I want this config in my yaml files to set my custom Document Manager's parameters. The only way I found until now is to write a static function returning a hardcoded array of configuration, but it's a little dirty...)
Is there a proper way or an alternative to do this?
For defining custom configuration in the conig.yml file, use this symfony docs. You can access those configurations easily in a controller:
$this->container->getParameter(name_of_bundle_here)
Related
I have a Symfony 4 app which is complete and working. Any uploaded files are put inside an upload folder outside the doc root and accessed via a separate cdn url.
Inside the upload folder I have a htaccess file that redirects any request, let’s say for example an image, to a php file which then serves the image.
What I want to be able to do is send an auth key along with the image request so that the standalone index.php file can check the user is valid from the database.
This means I need some way of accessing the symfony entity manager from outside of symfony, by including it. The other option would be a curl request to a symfony controller, but I’d rather not add additional network requests if possible. The third option is a separate pdo direct to the database and make sql queries... but again I’d prefer to use the symfony entity manager by including symfony somehow so I can use other features if needed.
I actually tried including the symfony bootstrap in the index.php but that then drags in the need for routing to work which isn’t needed in this case.
You can access EntityManager like that:
require __DIR__.'/../vendor/autoload.php';
(new Dotenv())->load(__DIR__.'/../.env');
$kernel = new Kernel('dev', true);
$kernel->boot();
$user = $kernel->getContainer()->get('doctrine.orm.entity_manager')->getRepository(Repo::class)->find(id);
dd($user->getRoles());
I'm trying to create an entity listener to my entity like described in
http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/events.html#entity-listeners
The reference I found in the Symfony docs is
http://symfony.com/doc/current/cookbook/doctrine/event_listeners_subscribers.html#creating-the-listener-class
which has a note talking about entity listeners.
If I put my FooListener in the same folder as the Foo entity (AppBundle\Entity in this case) and make the annotation #EventListener, the listener works. But I don't want to leave the listeners in the Entity folder, and I don't want to create extra configuration by registering the listener as a service if I don't need to. What is the best practice here?
You could try use full path to FooListener f.e.
#ORM\EntityListeners({"AppBundle\EventListener\FooListener"})
I am creating an app that will be extended by several bundles. Users will have access to different bundles based on roles. Some of these bundles will have configuration options, and I want one page with all config forms.
What I want to do is create a page that every bundle will "hook" into, and show the configuration form if the bundle has one.
There will also be a dashboard page that each bundle should "hook" into and show a dashboard widget.
Is there any way of achieving this in symfony? And if so, how?
I finally understood the The DependencyInjection Component so I guess the answer lies there. In detail, I will try to create an event in the configuration controller, and all bundles will have a subscriber to this event, and somehow have the forms available for the configuration twig file. But that is another question.
1.
I am managing a website which uses Adobe CQ5 as their management system. I am aware that there is a tool querybuilder.json in the /bin folder -- My question is, if an outside user would use this tool which API-syntax would they use to query "important" or "sensitive information". I need to know this so that I can block access to those syntax strings during GET or POST. Any help is appreciated, thanks!
So, what I'm asking is, if an attacker got access to the query builder link, would he be able to query passwords or internal login's, if so how? And if that, which syntax for the query builder can i remove to provoke this?
2.
Also, would anyone be able to tell me the proper syntax for the adobe querybuilder that can give you the hostname or web location where the directory that it lists is located?
So for example, if I got back /apps/geometrixx/user/login as output, I would also want to get the url that this file path is at on my server. Is there a syntax available for this action?
Please consider disabling all requests to paths starting with /bin prefix for your publish instance.
This is a common storage for all servlets that are very useful for authoring but not as much for the other instance.
If you have any custom servlets in the application please take a look at Apache Sling documentation and consider using resource based servlets.
#SlingServlet(
resourceTypes = "sling/servlet/default",
selectors = "hello",
extensions = "html",
methods = "GET")
public class MyServlet extends SlingSafeMethodsServlet {
This way you can control the access to the servlet using ACLs - if you have an access to the node (i.e. you can see it/render a component based on this resource) you will have an access to the servlet.
The best way to prevent unauthorized access to tools like this, is to deny *.json on your dispatcher and only allow calls to your application specific json. A good start what you should do can be found in the Security Checklist.
A documentation regarding the Query Builder can be found here: http://docs.adobe.com/docs/en/aem/6-0/develop/search/querybuilder-api.html
I have a custom implementation of IResourceProvider and ResourceProviderFactory. Now the default way of making sure ASP.NET uses these custom types is to use the web.config and specify the factory like so:
<globalization resourceProviderFactoryType="Product.Globalization.TranslationResourceProviderFactory" />
This works perfectly, except that in my resource provider I need database access. I want to use my IoC-container(Ninject) to inject the repositories needed to access this data into the CustomResourceProvider. But how am I going to do this? I have no control over the instantiation of the factory, so the factory can't get a reference to my IoC.
Is there any way to register a custom provider programmatically, in for example the Global.asax?
Your custom implementation of ResourceProviderFactory could use the DI framework to retrieve the instance of IResourceProvider.