Open tad3j opened 10 years ago
Looks like for ZfcUser module they've decided to go ahead with routes instead of URI (https://github.com/ZF-Commons/ZfcUser/pull/487/files), saying that it's insecure using the URI, so I was wondering if there is any chance to change this module to work with ZfcUser? I guess we could replace URI with route redirect, or maybe use both versions? I guess for using both an additional "else if" could be added for "append_previous_route" option here: https://github.com/ZF-Commons/zfc-rbac/blob/02a5593a916554cda9d6497b3dd9da0512935c8d/src/ZfcRbac/View/Strategy/RedirectStrategy.php#L86
What do you guys think?
Hi. I'm not sure to understand. The append_previous_uri cannot be used for routes, as it is a copy of the route that was not accessible. When we retrieve the URL that was tried to be accessed, we definitely cannot transform an URI to a route. And even if we could, we would loose some important parameters like query parameters.
Or did I misunderstood something...
No, I think you are right, I haven't thought about that. Was just brainstorming on how to fix this compatibility issue, but looks like ZfcUser should then use URI as well, in order to work with ZfcRbac I guess.
Sorry to bring this up, again. But imho the append_previous_uri
feature doesn’t make much sense without support for zfc-user’s use_redirect_parameter_if_present
setting. Wasn’t this the reason this was introduced in the first place?
Is there any way to solve this? E.g. with another option like append_previous_route
(ignoring query params, of course)? Is it possible for zfc-rbac to fetch the inaccessible route, if you have Controller guards in place?
Its possible to override the ZfcUser RedirectCallbackFactory in the config of your module
'service_manager' => array(
'factories' => array(
'zfcuser_redirect_callback' => 'Application\Factory\RedirectCallbackFactory',
),
),
which will let you insert your own RedirectCallback in the default ZfcUser\Controller\UserController. in the RedirectCallback, you can write a function to match urls to a RouteMatch, and if avaibable redirect to the url of that matched route.
$request = new Request();
$request->setMethod(Request::METHOD_GET);
$request->setUri($redirect);
$match = $this->router->match($request);
if (!$match) {
return $redirect;
}
protected function getUrlFromRouteOrMatch($routeOrRouteMatch)
{
if ($routeOrRouteMatch instanceof RouteMatch) {
$params = $routeOrRouteMatch->getParams();
$routeName = $routeOrRouteMatch->getMatchedRouteName();
} else {
$params = [];
$routeName = $routeOrRouteMatch;
}
return $this->router->assemble(
$params,
['name' => $routeName]
);
}
dont forget to set the
'previous_uri_query_key' => 'redirect'
Before I implemented ZfcRbac I was redirecting user after login via ZfcUser "use_redirect_parameter_if_present", but I somehow can't get it working now. If I have that option enabled in ZfcUser and ZfcRbac at the same time, I get an error because the 1st one expects ROUTE to be passed as "redirectTo" parameter and the 2nd one is passing URL. Is there a way around it or should that get changed on one or the other side to keep them compatible?
Edit: I think that using URL for redirect is more flexible than using route only, so I'll open an issue on ZfcUSer instead: https://github.com/ZF-Commons/ZfcUser/issues/473