I have a particular module in Symfony 1.4.13 that is set to be secured by default in its security.yml file. I have one particular object action that I would like accessible by anyone (logged out users), but can’t seem to find the correct way to right out action’s name in the YAML file to get a match on it.
Specifically, I have a project module with the typical index, show, create, etc. actions, as well as a runReport object action (so the action method’s name is executeListRunReport). The security.yml file is as follows:
all:
is_secure: true
index:
credentials: pm_view
show:
credentials: pm_view
filter:
credentials: pm_view
runReport: # This is the one that is giving me problems
is_secure: false
My method in actions.php is:
public function executeListRunReport(sfWebRequest $request) {
...
}
This works just fine for a logged in user when going to project/[idOfObject]/ListRunReport.
How can I write the security.yml file to allow anyone to access that action (directly from a URL that I generate by hand for example) without having to log in? Thanks!
Turns out the problem was with the way I was naming the element in security.yml (sorry if the question wasn’t clear enough to indicate this was probably the original problem).
It works with listRunReport, so the code would like like:
@arsenik was correct in that the all: is_secure: true was unnecessary, but unfortunately that didn’t solve the problem (it can remain).
Lesson is that when using list object actions that end up getting named as executeListXYZ, it has to be labeled as listXYZ in security.yml.