Development

#4395 (sfObjectRoute should allow security checks before loading resources)

You must first sign up to be able to contribute.

Ticket #4395 (closed enhancement: fixed)

Opened 5 years ago

Last modified 5 years ago

sfObjectRoute should allow security checks before loading resources

Reported by: nicolas Assigned to: fabien
Priority: minor Milestone: 1.2.0
Component: routing Version: 1.2.0 DEV
Keywords: sfObjectRoute Cc:
Qualification: Design decision

Description

Symfony 1.2 new RESTful routing system should allow "lazy" calling of sfObjectRoute loading method, eg. to allow hooking in the security checks: maybe we don't want to load object(s) if the user is not allowed to (currently, the routing procedures are ran before the security rules are applied).

Possible sysnopsis:

  1. sfObjectRoute route is matched regarding the incoming url,
  2. An event is dispatched here (named route.object_requested?), then:
    • if callback return false, HTTP 403 (defaut secure action), else:
    • if true, really execute the query and retrieve the resource

This could ensure a kind of REST authentication handling. Of course caching could solve the problem but we don't always use it for every project.

Change History

09/26/08 11:05:49 changed by fabien

  • status changed from new to closed.
  • resolution set to fixed.

(In [11794]) [1.2] changed the way routes work, objects are not injected automatically anymore in the request attributes (closes #4395)