Provide options to disable certain actions

[deanc]

Hi,

I suggest providing global options to disable the following actions within SimpleUser:

• Registration - some people might use SimpleUser to manage administration, but prefer to add users manually (or via database)
• Login/logout - under certain circumstances it might be preferable to disable the ability to login/logout for anyone but administrators.
• User list - many people might not want to show the full list of users. This is a security risk in fact, to show the full list of users (including admins)

I'm happy to work on a PR for this, let me know :)

[jasongrimes]

Hi Dean,

I like this idea.

I won't have a chance to follow up until the new year, but I'm planning to dig out of the backlog of issues on this project in mid-January.

Thanks for this (and the rest of your recent suggestions).

Jason

[WillGibson]

I'm just experimenting with silex-simpleuser for something at work and we would also need to be able to disable registration and the user list. Not sure where you guys got with this, but I'd be happy to pitch in on this during our spike day tomorrow.

[enzolutions]

Hi folks

I had a similar need to disable path = user/list to non Admin users, so I used the following configuration.

$app['security.access_rules'] = array(
  array('^/user/list', 'ROLE_ADMIN'),
);

After apply this is an anonymous try to access user/list is redirected to /user/login, if the user is logged but not admin user get the following error

Whoops, looks like something went wrong.

If I try to access with an Admin users the page is render properly.

About the error I am not sure why I am getting that error, could be the controller itself, but I didn't confirm yet. any help is accepted.

enzo

[deanc]

This obviously should be a configuration option further down the line, but I was wondering if we could simply over-ride the route. I couldn't get that working. Your solution is acceptable I think enzolutions for now :)