ssossossosso

Forums

Covering OroCRM topics, including community updates and company announcements.  Subscribe

This topic contains 11 replies, has 3 voices, and was last updated by  Yurii Muratov 1 year, 8 months ago.

  • Creator
    Topic
  • #13243

    maksold
    Participant

    I need to create controller action, which doesn’t require user authorization. So everyone could see create page without authorization. Is it possible to do in OroPlatform?

Viewing 11 replies - 1 through 11 (of 11 total)
  • Author
    Replies
  • #13255

    Yurii Muratov
    Oro Core

    Hi, @maksold.
    Yes, it’s possible.
    For this, in security.yml config file you should add new firewall that will allow access to some routes for anonymous users (without authorization). This firewall should be added before main firewall:

    With this firewall, all url that start with anonymous, for example http://domain.com/anonymous/some_data, will have access for non logged users.

    After this, you can create your controller action that will be available for all users.

    But in this case, in template of your action, you should not use standart oro action templates because they have a lot of ACL checks which will not work at such page.

    #13262

    maksold
    Participant

    Thanks, @yurio, but it doesn’t work(((

    1) I edited vendor/oro/platform/src/Oro/Bundle/DistributionBundle/Resources/config/security.yml

    2) Here is my controller and routing.yml => https://www.evernote.com/l/APIAbnQ3YrZB9rY-OSec3WuI4u41DF4mq64
    3) Then I cleared cache.

    When I’m opening my http://orocon.dev/web/app_dev.php/oroapi/index, it redirects to login page. But when I open this ulr as logged in user, it works.

    Here is request Timeline (when user is logged out) => https://www.evernote.com/l/APLcLnw5b4lArro4Hck3_F8KyjQNnbQr6rA

    What is wrong? Why it redirects me to login page?

    #13329

    maksold
    Participant

    Can any one help?

    #13350

    Yurii Muratov
    Oro Core

    Hi, @maksold.
    You should edit app/config/security.yml file, not the security.yml from the DistributionBundle.
    Here my configuration what works:

    app/config/security.yml file: https://gist.github.com/yurio/01b39ff792be73c25851
    At line 43 i have anonymouspages firewall what allow links started with anonymous.

    The next thing, i have test bundle AcmeAnonymousBundle. src/Acme/Bundle/AnonymousBundle/Resources/config/oro/routing.yml file:
    https://gist.github.com/yurio/77eabe9c511ae8e52731

    And the controller: https://gist.github.com/yurio/31a5e3e9ab76d8d0842a

    #13632

    Rodolfo
    Participant

    Hi @yurio,

    Do you know an alternative way to create a page without authentication only editing files from inside a bundle? I’m developing something that will call orocrm using webhooks. (similar idea of what we have now with tracking javascript calling tracking.php)

    I’m thinking to create a method to move the endpoint file from the bundle to /web folder but obviously not sure if it’s the best approach.

    Thank you.

    #13633

    Rodolfo
    Participant

    Editing DependencyInjection to load security.yml generates this:

    Fatal error: Uncaught exception ‘Symfony\Component\DependencyInjection\Exception\InvalidArgumentException’ with message ‘There is no extension able to load the configuration for “security”

    So.. Why DistributionBundle can override security.yml and my bundle not?

    Thanks!!

    #13638

    Yurii Muratov
    Oro Core

    Hi, @rbandeira.

    security.yml file in DistributionBundle does not override main application security.yml file. This bundle have own start point install.php in web directory.
    This start point have own kernel class DistributionKernel in app directory.
    This kernel have own main config files that stores at app/config/dist directory.
    config.yml file from this directory imports security.yml file from the DistributionBundle.

    In your case, if you just want to create anonymous firewall from your bundle, you can do it with Resources/config/oro/app.yml file in your bundle. Here you can add application configurations. And here you can modify security preferences too. Some info about this file you can find here https://github.com/orocrm/platform/blob/master/src/Oro/Bundle/PlatformBundle/README.md#add-application-configuration-settings-from-any-bundle.
    We use app.yml file to modify security firewalls in SSOBundle https://github.com/orocrm/platform/blob/master/src/Oro/Bundle/SSOBundle/Resources/config/oro/app.yml.
    And our orocommerce application use app.yml file to add custom security firewalls for this application https://github.com/orocommerce/orocommerce/blob/master/src/OroB2B/Bundle/AccountBundle/Resources/config/oro/app.yml.

    #13646

    Rodolfo
    Participant

    Hi @yurio

    Thanks for the information. I added the Resources/config/oro/app.yml. Debugging the class YamlCumulativeFileLoader I can see the file being loaded by Oro.

    But the application keeps redirecting the requests to /user/login. I tried to set the priority on bundle config to -100, -1000 and nothing.

    Do you know what else should I verify in order to bypass this login page?
    Thank you.

    This is my app.yml:

    Route:

    #15369

    Rodolfo
    Participant

    Hi @yurio

    dev.log
    :

    [2015-12-16 16:25:12] security.INFO: An AuthenticationException was thrown; redirecting to authentication entry point. {“exception”:”[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationCredentialsNotFoundException: A Token was not found in the TokenStorage.

    oro/app.yml:

    Do you know something else that can help me? It should be working. Even configuring exactly with the same structure we can see here doesn’t work.

    #15370

    Rodolfo
    Participant

    Found what was going on.

    I thought that anonymouspages directive was in master branch of oro. (security.yml). Adding it manually works.

    Thank you

    #15380

    Yurii Muratov
    Oro Core

    Hi, @rbandeira.

    If you work at 1.8 platform, you should add your new firewall to main security.yml file.
    In 1.9-RC we have a possibility to add custom firewalls at the bundle level.

Viewing 11 replies - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.