tags:

views:

453

answers:

2
Q: 

Two tables relation with sfDoctrineGuard user table (symfony)

Hy,

I have started in my web application a part who users needs to be autenticated to work with it. I have two tables related: Customer and Enterprise.... the first one are users who want to buy a product and the second one are "users" who want to sell products.

What is better way to do that? Relation 1:1 with user_table? how can i differentiate wich one user type is? Because user types only can edit some information and enterprise have acces to another modules...

Thanks a lot.

A: 

Do your tables really need to be separate? If not, you could use the standard sf_guard_user table provided with the sfGuard plugin for both types of user, and then use the groups functionality to assign the user to either the "Customer" group or the "Enterprise" group.

Checking the group that the user belonged to would allow you to display (or hide) the appropriate content for that user type. Something like this in your action:

if ($this->getUser()->hasCredential("enterprise"))
{
  // code related to Enterprise customers only
}

or using the $sf_user variable in your view/templates.

richsage  2010-02-02 22:27:53
thanks richsage, i will try it.
nebur85  2010-02-04 21:22:32
+2  A: 

You could use the hasReference() function on the model.

E.g. your model Customer has a relation to User like this:

Customer:
  relations:
    user:
      local: id
      foreignID: id
      foreignAlias: customer

Then you can test whether the user is of type customer (in the controller):

$this->getUser()->getGuardUser()->hasReference('customer');

To make this easier you can add this method to your myUser class:

public function isCustomer() {
    return $this->getGuardUser()->hasReference('customer');
}

Same of course for Enterprise.

Even using two different tables, you can make use of the hasCredential() method, and this is the easiest way if you only want to check for permission.
If you want to access certain attributes of the enterprise and customer user you can also combine both approaches.

Update:

Well, assuming that Customers and Enterprise users have different permissions, I would go with the user group approach. This fits better to the group model of sfGuard. If you then know that a user is in group Customer, you know that the user has a reference to a customer object.

But this means of course that you have to assign the the right group to a new user in order to work correctly.

Felix Kling  2010-02-02 23:17:44
thanks felix i will try it... Felix, another question... is better do what you say me "create a function called iscustomer" or manage it with group of users?
nebur85  2010-02-04 21:21:58
yes, i will assign correctly that.
nebur85  2010-02-05 14:23:17

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security