
Joshua Thijssen:
Advanced user switching
Feb 25, 2015 @ 15:12:05

Joshua Thijssen has a new post today with a "neat trick" that the Symfony Security component allows - switching to (impersonating) another user programmatically.

This allows you to login as another user, without supplying their password. Suppose a client of your application has a problem at a certain page which you want to investigate. Sometimes this is not possible under your own account, as you don’t have the same data as the user, so the issue might not even occur in your account. Instead of asking the password from the user itself, which is cumbersome, and not a very safe thing to begin with, you can use the switch-user feature.

He talks about how to enable it, how to use it to switch to another user and, most important, how to restrict its use. He points out that there's no built-in way to define who a user can switch to, so he's come up with a custom "switch listener" to help add in this protection. His "SwitchUserListener" class replicates some of the code in the original handling (well, the whole class) and updates the "attemptSwitchUser" method to check the user they're trying to switch to and see if they have the right role. Finally he shows how to add it to the services configuration and how it overrides the default listener.

tagged: user switching advanced tutorial custom listener role access validate

Link: https://www.adayinthelifeof.nl/2015/02/24/advanced-user-switching/

Anthony Ferrara:
What's In A Type
Oct 24, 2014 @ 18:55:39

In a new post to his site Anthony Ferrara takes on the topic of typing in PHP, discussing some of the main ideas around the current typing scheme and the discussions being had about potential changes.

There has been a lot of talk about typing in PHP lately. There are a couple of popular proposals for how to clean up PHP's APIs to be simpler. Most of them involve changing PHP's type system at a very fundamental level. So I thought it would be a good idea to talk about that. What goes into a type?

He starts at the highest level, covering what "typing" is in general and some of the tradeoffs that come with being a strongly typed versus weakly typed language. He then gets into PHP's two "semi-independent type systems" - one for objects and one for everything else. He includes some code examples to illustrate how, for the non-object handling, context means everything for how the types are switched. He also talks about polymorphism, the chaos that could come from scalars becoming objects and a current RFC suggesting the addition of "safe casting" functions to PHP to provide less "magic" when shifting values from one type to another.

tagged: type switching casting rfc proposal function weak strong

Link: http://blog.ircmaxell.com/2014/10/whats-in-type.html

Enrise.com:
REST Style Context Switching - Part 2
Jan 13, 2011 @ 18:48:57

Joshua Thijssen has written up a new post for the Enrise blog today about using REST-style context switching in Zend Framework applications with the help of a handy "RestContextSwitch" helper.

In the first part of this blog post we’ve talked about the theory behind REST services. In this post we put the theory into practice with the help of some code snippets you can implement in your own application.

He starts by helping you create a simple REST controller (well, cut-and-pasteable code, really) that can handle multiple output formats/contexts - XML, JSON and HTML. Next up is the helper (Service_Controller_Action_Helper_RestContextSwitch) that's not much different from the normal context switching helper. With that in place he moves on to the plugins - an accept-handler that sets the correct format based on the Accept HTTP header information and a media-format plugin to check "permissions" on the context to see if that type is allowed in that environment.

tagged: rest zendframework context switching html xml json

Link:

