Recently I was working on a project in which IT admins were able to impersonate other users. It’s a fairly easy task to add to Symfony2; merely adding a switch_user reference to your firewall can make it possible. Consult the Symfony docs for more on that. One thing I noticed was that every now and then when testing I would get weird errors after switching between multiple users, although it didn’t always happen. After some digging around, it turns out that when you switch user it does not clear that session’s attributes, i.e. if you set attribute ‘hello’ to value ‘world’ it would persist after you’ve impersonated another user. This caused a few issues, as on this application we used the session to store a few things like which set of database connections you currently use.
After looking at the SecurityBundle configuration setup it was clear that there weren’t any options to have it clear all session attributes on switch user. At this point it was clear I needed to use an event listener, as the firewall dispatches the SwitchUserEvent when a user successfully switches user. Below is an excerpt from my services.yml:
This makes it so that it will call the following code on a successful impersonation of a user:
It’s as simple as that. You can get the actual user by calling $event->getTargetUser(). Long story short, the session can hold tainted values when using switch user, because its attributes are not cleared.
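One way to write such a listener, as an added example rather than the code from the original post: it wipes the session attributes on a successful switch and carries over only keys you explicitly allow-list. The namespace, class name, service id and the 'ui_theme' key are hypothetical.

```php
<?php
// Added example: not the original post's listener.
namespace Acme\DemoBundle\EventListener; // hypothetical namespace

use Symfony\Component\Security\Http\Event\SwitchUserEvent;

/**
 * Drops session attributes left by the previous identity when a
 * switch_user impersonation succeeds.
 *
 * services.yml registration (service id, class and key are hypothetical):
 *
 *   acme.session_reset_on_switch:
 *       class: Acme\DemoBundle\EventListener\SessionResetOnSwitchListener
 *       arguments: [['ui_theme']]
 *       tags:
 *           - { name: kernel.event_listener, event: security.switch_user, method: onSwitchUser }
 */
class SessionResetOnSwitchListener
{
    private $keep;

    public function __construct(array $keep = array())
    {
        $this->keep = $keep;
    }

    public function onSwitchUser(SwitchUserEvent $event)
    {
        $session = $event->getRequest()->getSession();
        if (null === $session) {
            return;
        }

        // Carry over only explicitly allow-listed attributes.
        $carried = array();
        foreach ($this->keep as $key) {
            if ($session->has($key)) {
                $carried[$key] = $session->get($key);
            }
        }

        // Wipe everything the previous identity stored.
        $session->clear();

        foreach ($carried as $key => $value) {
            $session->set($key, $value);
        }
    }
}
```

Keep the allow-list short: anything that encodes the previous user's identity, tenant or database connection choice should be rebuilt for the target user, not carried over.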
Just a quick one out there as I saw a bunch of posts trying to get around the following error:
The error occurs on the cache warmup part of the clearing. After looking around, people referenced a bunch of different solutions, the most popular being to do a --no-warmup. However, we wanted to try to fix the problem rather than just avoid warming the cache.
The solution is fairly quick and really easy. This is using 2.1.X of Symfony and 1.3.* of the JMSDiExtraBundle. Before, we had the following in our AppKernel.php:
I noticed in one of the docs for the JMSDiExtraBundle it has the JMSAopBundle in the list BEFORE JMSDiExtraBundle. We tried moving this up and had success, so the final one looked like:
Hope this saves someone some time.
Last week, I was looking to install the VichUploaderBundle into a Symfony2 project to automatically handle file uploads. As I was looking through the Vich documentation I ran across a chunk describing being able to use Gaufrette to skip the local filesystem and push files directly to Amazon S3. Since we’d eventually need to load balance the app and push uploaded files to S3 anyway, I decided to set it up out of the gate. Unfortunately, the documentation for setting up Vich with Gaufrette is a bit opaque, so here’s a step-by-step guide to getting it going.
The first thing you’ll want to do is install all the required packages. If you’re using Composer, the following will work:
Once all the packages are installed, you’ll need to configure *both* Gaufrette and Vich. This is where the documentation broke down a bit for me. You’ll need your Amazon AWS “Access Key ID” and “Secret Key” which are both available at https://portal.aws.amazon.com/gp/aws/securityCredentials if you’re logged into AWS.
Once everything is configured at the YAML level, the final step is adding the Vich annotations to your entities.
Make sure you add the “@Vich\Uploadable” annotation to your Entity or Vich will fail silently.
The “mapping” specified in @Vich\UploadableField(mapping="logo", fileNameProperty="logo") needs to match the value under “vich_uploader.mappings” which you defined in config.yml.
Finally, one last “gotcha” to be cognizant of is this bug – https://github.com/dustin10/VichUploaderBundle/issues/123. Since Vich uses Doctrine lifecycle callbacks to manage files, if no Doctrine fields are changed then the Vich code isn’t executed. The easiest way to get around this (and what we used), is just to manually update the “updated_at” column every time a form is submitted to ensure that the upload handling code is executed.
Anyway, as always, questions and comments are welcome.
Recently I was working on a project where I kept finding myself ordering a relation over and over by something other than ID order (i.e. id = 1,2,3,4,5). For example, I always wanted my relation to be ordered by the ‘name’ field, rather than the ID or the order it was inserted into the DB. Let’s take this schema as an example:
The issue is each time I attempted:
I wanted the output to be in alphabetical order for example. To make this the default for that relation you can add the following annotation to your ‘Post’ entity:
Now if you do “$post->getPostAttachments()” they’ll automatically be in order. The ‘@ORM\OrderBy’ annotation takes care of the ordering automatically. You can specify as many columns on the relation as you’d like there. In addition, this will make it so that all form collections on post with post_attachments are also ordered by name, rather than ID. This affects the relation call every time. If you only want this ordering some of the time, look into using the repository to do the ordering for those calls.
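The two options described above, as an added example rather than the post's original code: a mapping-level default via @ORM\OrderBy and a repository method for per-call ordering. The namespace, the PostAttachment entity's "post" and "name" fields, and the repository method name are assumptions; both classes are shown in one file for brevity.

```php
<?php
// Added example; entity and field names are assumptions based on the post.
namespace Acme\BlogBundle\Entity; // hypothetical namespace

use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\ORM\EntityRepository;
use Doctrine\ORM\Mapping as ORM;

/**
 * @ORM\Entity
 */
class Post
{
    /** @ORM\Id @ORM\GeneratedValue @ORM\Column(type="integer") */
    private $id;

    /**
     * Always loaded sorted by name, with id as a tie-breaker.
     *
     * @ORM\OneToMany(targetEntity="PostAttachment", mappedBy="post")
     * @ORM\OrderBy({"name" = "ASC", "id" = "ASC"})
     */
    private $postAttachments;

    public function __construct()
    {
        $this->postAttachments = new ArrayCollection();
    }

    public function getPostAttachments()
    {
        return $this->postAttachments;
    }
}

/** Per-call ordering, used instead of the mapping-level default. */
class PostAttachmentRepository extends EntityRepository
{
    public function findByPostNewestFirst(Post $post)
    {
        return $this->createQueryBuilder('a')
            ->where('a.post = :post')
            ->setParameter('post', $post)
            ->orderBy('a.id', 'DESC')
            ->getQuery()
            ->getResult();
    }
}
```

If the sort column ever comes from user input, map it through a fixed list of allowed field names before passing it to orderBy(), since that argument is not a bound parameter.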
Earlier this week, a buddy of mine reached out looking for interesting Symfony2 resources that went beyond the “basic” tutorial type content. He was looking to really get into the “nitty gritty” of the framework, how larger projects are using it, and hopefully understand some of the philosophy behind service oriented architectures, dependency injection, and behavior driven development.
Not wanting to leave him hanging, Daum and I took to Slideshare to compile a list of presentations that we thought demonstrated some of these concepts well. Anyway, here is the list we came up with.
How Kris Writes Symfony Apps
You’ve seen Kris’ open source libraries, but how does he tackle coding out an application? Walk through green fields with a Symfony expert as he takes his latest “next big thing” idea from the first line of code to a functional prototype. Learn design patterns and principles to guide your way in organizing your own code and take home some practical examples to kickstart your next project.
Practical BDD with Behat and Mink
An introduction into behavior-driven development with Behat and Mink. A Symfony2 application is used for examples.
This was presented in the Top Shelf PHP tutorial at OSCON 2011: http://www.oscon.com/oscon2011/public/schedule/detail/18980
There were some issues converting from ODP, so a PDF version is here: http://jmikola.net/slides/20110725_bdd.pdf
BDD in Symfony2
Quality assurance is one of the most difficult things to implement around software development. Most of the time it is left for the final phase of development and very often overlooked entirely. As many experienced web development teams already know, QA needs to be part of the development process from the get-go. Behavior development/testing is just one aspect of quality assurance. And we’ll talk about that.
Being Dangerous with Twig
Twig – the PHP templating engine – is easy to use, friendly and extensible. This presentation will introduce you to Twig and show you how to extend it to your bidding.
Dependency Injection in PHP 5.3/5.4
If you have other presentations you think we should check out, leave them in the comments or shoot us a tweet @setfive.