Authentication and authorization
Magento features a complete user management system. Unlike Mouf, Magento's front does not feature a system to manage authorization via permissions. Customers can be stored in groups, but Magento does not allow to bind those groups to special permissions. Magento's back-office has this capability, but this is out of Moufgento scope.
Mouf features an authentication system named UserService and a authorization system named RightsService.
Moufgento only maps the user service of Mouf to Magento user management system. Nothing is done for the right service since the permissions notion does not exist natively in Magento.
When you install Moufgento, the install process will create one instance related to authentication:
userService
: an instance of theMagentoUserService
class that is compatible with theUserServiceInterface
Many Mouf packages rely on the userService
, and therefore, can be fed the MagentoUserService
.
A few examples of what you can do with this objects:
// Connects the user
Mouf::getUserService()->login('login', 'password');
// Returns whether a user is connected or not
$isLogged = Mouf::getUserService()->isLogged();
// Returns the login of the current logged user
$login = Mouf::getUserService()->getUserLogin();
You can also use the @Logged
annotation in your actions code to force a user to be logged to access some URL:
/**
* @URL my-protected-url/
* @Logged
*/
function index() {
// You must be logged to access this page
}
Found a typo? Something is wrong in this documentation? Just fork and edit it!