eZ Community » Forums » eZ Publish 5 Platform » Symfony user vs eZ Publish user ?

Symfony user vs eZ Publish user ?

Symfony user vs eZ Publish user ?

Tuesday 09 September 2014 6:09:38 pm - 5 replies


From my testing I find out that in ez5 there is two level of users :

  • symfony (user token : ez\Publish\Core\MVC\Symfony\Security\User)
  • eZ Publish (repository user : eZ\Publish\API\Repository\Values\User\User)

Whenever we change the current user from the User Service (setCurrentUser), it (apparently) only affects the "ez Publish" user, while the "symfony user" stay unchanged.

Is it normal ?

In the structure of the ezPublish user I did see any bridge (if any exists) between this two different type of user objects. Did I miss something ?



Tuesday 09 September 2014 6:28:47 pm

Repository does not know about sessions and cookies, so this is normal and intended.

Look to the authentication documentation (on symfony online doc + doc.ez.no + the one in vendor/ezsystems/ezpublish-kernel/doc/specifications) for how to deal with users in term of symfony.

Tuesday 09 September 2014 7:53:31 pm

Hi Andre,

Thanks for your reply.

I did look at these different sources, but I did not find a place where these two types are clearly described together.

This behaviour is different from previously : in ez4, when you switch user it was globally and at the session level, whereas now it is at a request level and only for the rights management part, and this is not straightforward to understand.

Was it a design choice or a technical fallback choice to have these two entities (ez user and symfony user) not synchronized when a user change occurs ?



Tuesday 09 September 2014 9:45:54 pm

Several security issues on legacy involved code setting admin as current user to be able to do some changes and then crashing half way true making current user admin. So making sure user on Repository is not affecting your current session was a clear design choice.

Friday 12 September 2014 11:18:30 am

While I agree with Andre that there are real benefits from this choice, I also think that it is a somewhat unique approach, and that it will catch most developers off-guard.

I have looked at the docs inside the kernel folder, and there is nothing in there which explains this as clearly as the forum post above. I hope someone could pick it up from here and improve the docs a bit...

Sunday 14 September 2014 12:08:19 am

I'm definitely going to try that and report.


You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from