kayue / KayueWordpressBundle

A Symfony 2 bundle for providing WordPress repositories and authenticating users (login).

Users in other sites but not main site will not have any roles #22

Closed luiges90 closed 9 years ago

luiges90 commented 11 years ago

In multisite WordPress installations, if users are registered in other sites but not the main site, they will not have any roles when loaded by this bundle.

It is because the meta key is hardcoded in https://github.com/kayue/KayueWordpressBundle/blob/master/Model/User.php#L324

luiges90 commented 10 years ago

I think it is not possible to determine which blog_id we should use simply in the abstraction layer of this bundle. The blog_id would be passed from a higher abstraction layer.

i.e. The user would determine when to use the settings from site 1 (wp_capabilities), when to use site 2 (wp_2_capabilities), etc...

To make $this->get('security.context')->isGranted('ROLE_WP_ADMINISTRATOR') work, we need to somehow let the security context know which site we are talking about.

I am thinking about creating multiple security contexts. However, to make our bundle work in any number of sites, we would need to somehow create a Security Context Factory, and this entails a Firewall Factory. Can Symfony do that? hm...

A mere constant explodes into a much more difficult solution, ouch...

Let's see if there is an easier way first.


As a side note, we could use Firewall request matchers if we need to decide which firewall to use by host.

luiges90 commented 10 years ago

A quick, dirty and inherently stupid way would be to add a new method getRolesOfSite($site) in User, but this wouldn't be able to take advantage of Symfony role hierarchy and this would cause code duplication (coding the hierarchy in many places).

luiges90 commented 10 years ago

Looking into securityContext->isGranted and see if we can change something in it

mattsnowboard commented 9 years ago

Also, what about the "site_admins" key in "wp_sitemeta"? I'd like to add a ROLE_WP_SUPER_ADMIN role in that case.

But I think that involves adding support to read that table into entities, then decoding that key into an array and searching for the user in that array. I'm not sure the best place to put it in. I suppose it would have to happen around when the user is loaded from the provider?

kayue commented 9 years ago

@mattsnowboard Actually you can use Security Voter in Symfony to check user role.

Something similar to this: https://gist.github.com/kayue/f563394b7ee35a326aad
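
The per-site lookup discussed in this thread, as an added example that is not code from KayueWordpressBundle or from any commenter: it resolves the capabilities meta key from a blog_id and adds ROLE_WP_SUPER_ADMIN from the "site_admins" value. Assumptions: the function names are hypothetical, the table prefix is wp_, the main site has blog_id 1, role names are built as ROLE_WP_ plus the upper-cased WordPress role, and site_admins is a PHP-serialized list of user logins.

```php
<?php
// Added example; function names are hypothetical, not the bundle's API.

/** Meta key that holds a user's capabilities for one site of a multisite install. */
function capabilitiesMetaKey(int $blogId, string $prefix = 'wp_'): string
{
    // Assumption: site 1 uses wp_capabilities, site N uses wp_N_capabilities.
    return $blogId === 1 ? $prefix . 'capabilities' : $prefix . $blogId . '_capabilities';
}

/**
 * @param array<string,string> $userMeta   meta_key => raw meta_value for one user
 * @param string               $siteAdmins raw "site_admins" value from wp_sitemeta
 * @return string[] role names for the given site
 */
function rolesForSite(array $userMeta, int $blogId, string $userLogin, string $siteAdmins): array
{
    $roles = [];
    $raw = $userMeta[capabilitiesMetaKey($blogId)] ?? null;
    if ($raw !== null) {
        // allowed_classes=false: values read from the database must never instantiate objects.
        $caps = @unserialize($raw, ['allowed_classes' => false]);
        if (is_array($caps)) {
            foreach ($caps as $name => $granted) {
                if ($granted) {
                    $roles[] = 'ROLE_WP_' . strtoupper((string) $name);
                }
            }
        }
    }
    $admins = @unserialize($siteAdmins, ['allowed_classes' => false]);
    if (is_array($admins) && in_array($userLogin, $admins, true)) {
        $roles[] = 'ROLE_WP_SUPER_ADMIN';
    }
    return $roles;
}

// Constructed sample rows: both users are registered on site 2 only.
$meta = ['wp_2_capabilities' => 'a:1:{s:6:"editor";b:1;}'];
$siteAdmins = 'a:1:{i:0;s:5:"alice";}';

var_dump(rolesForSite($meta, 1, 'bob', $siteAdmins));   // main-site lookup, the case reported in this issue
var_dump(rolesForSite($meta, 2, 'bob', $siteAdmins));   // lookup against the site the user belongs to
var_dump(rolesForSite($meta, 2, 'alice', $siteAdmins)); // login also listed in site_admins
```

The blog_id still has to come from the caller (for example from the matched host), which is the open question raised earlier in the thread.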