ssossossossosso

Forums

Covering OroCRM topics, including community updates and company announcements.  Subscribe

Forums Forums OroPlatform OroPlatform – How do I? Questions How create controller action without requiring user authorization?

This topic contains 11 replies, has 3 voices, and was last updated by  Yurii Muratov 1 year, 11 months ago.

  • Creator
    Topic
  • #30387

    maksold
    Participant

    I need to create controller action, which doesn’t require user authorization. So everyone could see create page without authorization. Is it possible to do in OroPlatform?

Viewing 11 replies - 1 through 11 (of 11 total)
  • Author
    Replies
  • #30388

    Yurii Muratov
    Participant

    Hi, @maksold.
    Yes, it’s possible.
    For this, in security.yml config file you should add new firewall that will allow access to some routes for anonymous users (without authorization). This firewall should be added before main firewall:

    With this firewall, all url that start with anonymous, for example http://domain.com/anonymous/some_data, will have access for non logged users.

    After this, you can create your controller action that will be available for all users.

    But in this case, in template of your action, you should not use standart oro action templates because they have a lot of ACL checks which will not work at such page.

    #30389

    maksold
    Participant

    Thanks, @yurio, but it doesn’t work(((

    1) I edited vendor/oro/platform/src/Oro/Bundle/DistributionBundle/Resources/config/security.yml

    2) Here is my controller and routing.yml => https://www.evernote.com/l/APIAbnQ3YrZB9rY-OSec3WuI4u41DF4mq64
    3) Then I cleared cache.

    When I’m opening my http://orocon.dev/web/app_dev.php/oroapi/index, it redirects to login page. But when I open this ulr as logged in user, it works.

    Here is request Timeline (when user is logged out) => https://www.evernote.com/l/APLcLnw5b4lArro4Hck3_F8KyjQNnbQr6rA

    What is wrong? Why it redirects me to login page?

    #30390

    maksold
    Participant

    Can any one help?

    #30391

    Yurii Muratov
    Participant

    Hi, @maksold.
    You should edit app/config/security.yml file, not the security.yml from the DistributionBundle.
    Here my configuration what works:

    app/config/security.yml file: https://gist.github.com/yurio/01b39ff792be73c25851
    At line 43 i have anonymouspages firewall what allow links started with anonymous.

    The next thing, i have test bundle AcmeAnonymousBundle. src/Acme/Bundle/AnonymousBundle/Resources/config/oro/routing.yml file:
    https://gist.github.com/yurio/77eabe9c511ae8e52731

    And the controller: https://gist.github.com/yurio/31a5e3e9ab76d8d0842a

    #30392

    Rodolfo
    Participant

    Hi @yurio,

    Do you know an alternative way to create a page without authentication only editing files from inside a bundle? I’m developing something that will call orocrm using webhooks. (similar idea of what we have now with tracking javascript calling tracking.php)

    I’m thinking to create a method to move the endpoint file from the bundle to /web folder but obviously not sure if it’s the best approach.

    Thank you.

    #30393

    Rodolfo
    Participant

    Editing DependencyInjection to load security.yml generates this:

    Fatal error: Uncaught exception ‘Symfony\Component\DependencyInjection\Exception\InvalidArgumentException’ with message ‘There is no extension able to load the configuration for “security”

    So.. Why DistributionBundle can override security.yml and my bundle not?

    Thanks!!

    #30394

    Yurii Muratov
    Participant

    Hi, @rbandeira.

    security.yml file in DistributionBundle does not override main application security.yml file. This bundle have own start point install.php in web directory.
    This start point have own kernel class DistributionKernel in app directory.
    This kernel have own main config files that stores at app/config/dist directory.
    config.yml file from this directory imports security.yml file from the DistributionBundle.

    In your case, if you just want to create anonymous firewall from your bundle, you can do it with Resources/config/oro/app.yml file in your bundle. Here you can add application configurations. And here you can modify security preferences too. Some info about this file you can find here https://github.com/orocrm/platform/blob/master/src/Oro/Bundle/PlatformBundle/README.md#add-application-configuration-settings-from-any-bundle.
    We use app.yml file to modify security firewalls in SSOBundle https://github.com/orocrm/platform/blob/master/src/Oro/Bundle/SSOBundle/Resources/config/oro/app.yml.
    And our orocommerce application use app.yml file to add custom security firewalls for this application https://github.com/orocommerce/orocommerce/blob/master/src/OroB2B/Bundle/AccountBundle/Resources/config/oro/app.yml.

    #30395

    Rodolfo
    Participant

    Hi @yurio

    Thanks for the information. I added the Resources/config/oro/app.yml. Debugging the class YamlCumulativeFileLoader I can see the file being loaded by Oro.

    But the application keeps redirecting the requests to /user/login. I tried to set the priority on bundle config to -100, -1000 and nothing.

    Do you know what else should I verify in order to bypass this login page?
    Thank you.

    This is my app.yml:

    Route:

    #30396

    Rodolfo
    Participant

    Hi @yurio

    dev.log
    :

    [2015-12-16 16:25:12] security.INFO: An AuthenticationException was thrown; redirecting to authentication entry point. {“exception”:”[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationCredentialsNotFoundException: A Token was not found in the TokenStorage.

    oro/app.yml:

    Do you know something else that can help me? It should be working. Even configuring exactly with the same structure we can see here doesn’t work.

    #30397

    Rodolfo
    Participant

    Found what was going on.

    I thought that anonymouspages directive was in master branch of oro. (security.yml). Adding it manually works.

    Thank you

    #30398

    Yurii Muratov
    Participant

    Hi, @rbandeira.

    If you work at 1.8 platform, you should add your new firewall to main security.yml file.
    In 1.9-RC we have a possibility to add custom firewalls at the bundle level.

Viewing 11 replies - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.