Straight to the point — I have a Symfony 1.3 / Propel 1.4 project. I have a module which is secured via is_secure: true in its own security.yml. I want this module to be accessible not only for super admins — I am using the sfGuardPlugin symfony plugin. The module is located in the backend app.
I would like to make the module accessible to users who have any value of their type property. Regular users of the site have NULL in there, all of the rest have a value of some kind. When I change the security directive to is_secure: false (just to test it), I then go to /admin and do login with a user who has some type, I get properly redirected to /admin/purchases (the only non-secured backend module) but with security error message — “You do not have access to show this page” or something along the lines.
Since I am not quite so familiar with sfGuardPlugin (and Symfony’s security in general), I would like some help as to how do I do this, please.
See documentation about action security.
Use group permissions from sfGuardPlugin to automatically ad credentials for users of your choice (see extra documentation for sfGuardPlugin in order to understand how the plugin converts user groups and permissions into credentials)