nahoSecurity plugin
===================

This plugin is the first step of a larger project of ACL in Symfony, coupled
with sfGuardUser, which will offer a full interface to define access by 
application/module/action.

The current release allows you to automatically add a dynamic credential to
your actions and modules.

Once the plugin enabled, you just have to set &quot;is_secure&quot; to `on` in your
application&#039;s security.yml, and each module/action will require the
credential &quot;application.module.action&quot;.


Installation
------------

  * Install the plugin

        $ symfony plugin-install http://plugins.symfony-project.com/nahoSecurityPlugin

  * Clear you cache

        $ symfony cc

  * Change the security filter class in `filters.yml` :

        [yml]
        security:
          class: nahoSecurityFilter 

    Whenever you have already changed this value (for example, if you use sfGuardPlugin, 
    branch 1.0, with the rememberMe feature enabled), see &quot;Configuration&quot; section below.

Configuration
-------------

See plugin&#039;s `app.yml` to get default configuration with comments :

    [yml]
    all:
      nahoSecurityPlugin: 
        
        # Set this to off to disable automatic credentials based on &quot;auto_credential_format&quot; option.
        auto_credential: on
        
        # Format of the automatic added credential : you can use %application%, %module% and %action% in this string
        auto_credential_format: 
          application: &quot;%application%&quot;
          module:      &quot;%application%.%module%&quot;
          action:      &quot;%application%.%module%.%action%&quot;
          
        # Related to auto_credential : allows to affect &quot;negative credentials&quot; to the user.
        # Example : I have &quot;frontend.example&quot; and &quot;!frontend.example.something&quot; credentials, 
        # then I&#039;ll be able to access to all the &quot;example&quot; module&#039;s actions, except &quot;something&quot;.
        auto_credential_negate: &quot;!&quot;
        
        # nahoSecurityFilter supports &quot;dynamic inheritance&quot;, change this value to make it extend another class than the usual sfBasicSecurityFilter
        # For example, if you use sfGuardPlugin with &quot;remember me&quot; filter, set this option to &quot;sfGuardBasicSecurityFilter&quot;
        filter_base_class: &quot;sfBasicSecurityFilter&quot;

  * To disable the plugin&#039;s default behavior (automatically require &quot;application.module.action&quot; in each action), set 
    `app_nahoSecurityPlugin_auto_credentials` to `off`

  * Format of the automatic credentials can be customized per-level : define `app_nahoSecurityPlugin_auto_credential_format` formats
    for each level : `application`, `module`, and `action`.
    
    In these formats, you can use keywords that will be replaced by the current element&#039;s name : 
    
      * `%application%` will be replaced by current application&#039;s name
      
      * `%module%` will be replaced by current module&#039;s name
      
      * `%action%` will be replaced by current action&#039;s name

  * The `auto_credential_negate` option defines the prefix that marks a credential as negative. Note that it cannot be stacked :
    `!permission` will cancel `permission`, but `!!permission` will not cancel `!permission`.
    
  * If you already had a customized class for `filter` security, you just have to set `filter_base_class` to this value. This way, `nahoSecurityFilter` 
    will extend the given class (what I call &quot;dynamic inheritance&quot;), and simply allow you to use both features.

TODO
----

  * nice grid/interface to define users&#039; accesses.