Reputation: 37
Symfony security - control which routes are accesible
I'm implementing a wizard-style process in my symfony application. It has additional buttons for 'back' and 'next' and I control which pages the user is directed to after each form is submitted.
I'd like some suggestions on how to lock down the routes once the user is in wizard mode i.e. if in wizard mode they can only access the 5 pages used in the wizard process. If they attempt to navigate to other routes while in wizard mode it redirects back to the last known route the wizard was in.
I could go into each action and add a redirect if in wizard mode but this seems like the wrong approach.
Upvotes: 0
Views: 151
Answers (1)
Reputation: 1776
A Symfony filter is a good choice here.
Put myWizardFilter.class.php in your application lib folder:
class myWizardFilter extends sfFilter { public function execute ($filterChain) { if ($this->isFirstCall() && $wizardMode && $outsideWizard) { $controller = $this->getContext()->getController(); $controller->forward('wizardModule', 'wizardAction'); throw new sfStopException(); } $filterChain->execute(); } }- You'll have to replace
$wizardModewith whatever you check to see whether or not the user is in wizard mode. - You need to check the route so that you only redirect back into wizard mode when the user tries to navigate
$outsideWizard. Otherwise, you'll get a redirect loop. Then add the filter to your filters.yml:
wizard: class: myWizardFilter
Upvotes: 1
Related Questions
- Symfony route access check
- Symfony, allow access to all routes, except one (or two)
- Prevent route access
- Symfony2: How to restrict / deny access to certain routes by IP address?
- How to prevent access to specific routes in Symfony 2
- Unable to protect route from anonimous access in Symfony2
- Symfony2 access control with routes
- Symfony2 access controll and path names
- Access control forces me to have fixed routes
- Security and routes - Symfony2