Need to know if I'm missing something... I'm using sfGuardPlugin and trying to get a complex credential to work... and it's not even that complex. I just can't get either AND or OR to work.
"user_a" is set up to have permission "A" in both permissions and group "A" which also has permission "A" assigned to it.
I also have a Permission "B" and a group "B" set up in the same fashion as above... however, I did not assign user_a to these permissions. To be clear: user_a only has A permissions.
Now in security I have the following (where the user needs to either have credential A or B):
dashboard:
credentials: [[A, B]]
Now when I try to have user_a access the dashboard, it fails and redirects to the credentials required page. I tried the same thing with an AND statement and set up user_a with both, using:
dashboard:
credentials: [A, B]
...again, it failed.
Now, when I remove the brackets, and just use one credential, it all works perfectly. It's just when I use them in combination, in any form, that I run into problems.
Furthermore, I have checked if the user has a single credential, using:
echo $user->hasCredential('A');
And it responds as expected: True
But if I assign the user to both A and B and then try either:
echo $user->hasCredential(array('A', 'B'), false);
or
echo $user->hasCredential(array('A', 'B'));
It responds with False.
I'm stumped. What am I missing? I MUST have at least the [[OR]] working. Has anyone else experienced this? Is there a work-around?
EDIT: code snippet in myUser.class:
public function hasCredential($permission_name)
{
//this overrides the default action (hasCredential) and instead of checking
//the user's session, it now checks the database directly.
if (!$this->isAuthenticated()) {
return false;
}
$gu = $this->getGuardUser();
$groups = $gu->getGroups();
$permissions = $gu->getPermissions();
$permission_names = array();
foreach($permissions as $permission) {
$permission_names[] = $permission->getName();
}
foreach($groups as $group) {
$group_permissions = $group->getPermissions();
foreach($group_permissions as $group_permission) {
$permission_names = array_merge($permission_names, array($group_permission->getName()));
}
}
$permission_names = array_unique($permission_names);
return (in_array($permission_name, $permission_names)) ? true : false;
}
EDIT:
The above code snippet is indeed the problem. I tested it without the code snippet and it works as expected. So my next question, is how to tweak the snippet to accommodate instances with AND or OR? Suggestions?
I'm going to close this question, because I have found the problem and I will open a new question as a result of the issue I'm having with the code snippet (which becomes a new question).