Custom Validators on Validation Groups in Symfony2.

If you are using validation groups and have created a custom validator, you will want to use it in your validation group, however its a bit different from how you would apply validators in the entity, and quite similar in-fact to how you define services.

Its similar to how you define services because you have 2 root nodes, first somewhat like services.yml’s parameters line, in this instance called ‘namespaces’, the second part matches the entities name which the validator will be applied to.

Starting out, your validator.yml file probably looks like this:

This is an example taken from my AttachmentBundle, which you can find here.

Now, when we have a custom validator, in this case, some validators to check a users quota on file uploads etc, we need to set a namespace for our custom validators, with the namespace parameter, and then reference that namespace below followed by our custom validator.

The name of the validator must be wrapped in double quotes so that Symfony2 is aware that this is using a custom validator, inside of which we first start the namespace, and secondly the validator alias.

We define the alias of our validator in our services.yml like so:

Symfony2 Voter Access Decision Strategy Explained!

The voter access decision strategy can be set in your Symfony2 app/config/security.yml. You have the choice of 3 approaches (Unanimous, Affirmative, Consensus). Set your strategy to  1 of them 3.

The approach of each is explained below.

  • Unanimous = 1 single voter denies access.
  • Affirmative = 1 single voter grants access.
  • Consensus = Majority wins.

So in Unanimous, if a single voter denies access, all other voters decisions are overridden and the bottom line is you will be denied access. If however you use Affirmative, a single voter only needs to grant access to override and the regardless of how many voters block you, you will always be granted access so long as a single voter permits it. Consensus, lastly; will weigh up and balance the number of denies or accesses being granted and decide that with the most voters wins. To put the Consensus another way, if more than half the voters grant access, then you have access. If more than half the voters deny access, then access will be denied.

Remember to return 1 of the 3 access types, the choices you have are:

Abstain will be impartial when using the consensus strategy for your security configuration.

You can set your class to be used, and listened for by the voting service in your bundles config, like so:

Authorisation on Roles in Symfony2

Following a discussion on the IRC room from someone who viewed my post about login/logout handlers in SF2, i wanted to clarify that when dealing with Roles, they should be dealt with in the controller actions.

For off, you need to make sure you got the right hierarchy of roles. In your app/config/security.yml you need something following the structure of:

Where the lowest level of access is at the top and the higher levels of access envelope the last levels of access.

Then you inside your controller actions you would do:

According the order of the role hierarchy if you have the role or higher than specified the controller action will continue, if you have a lower level of access than the minimum required then you will get an AccessDeniedException.

Deploying SF2 Projects on Plesk VPS.

Having recently setup the new website i thought i would share some of the steps i took to get things working as it was not all smooth sailing. First off i just to clarify the platform i am using, it is a linux setup utilising Plesk and a typical LAMP setup with that.

My project written in Symfony2 and all custom code (minus FOSUserBundle), did not get off to a great start on deployment, so for other people deploying their web apps on a VPS running plesk i will share the steps i took to get things working.

First you need to obviously create your account and you can do that under Plesk control panel, this is a relatively simple step and as we are more concerned about the more complex arena of what we need to do on the command line i shall leave the creating of the account under Plesk to the documentation that it ships with.

Once you have your account setup and you have your SSH credentials handy we can begin. Firstly, download the Symfony2 framework from their site preferably WIHOUT vendors, this will greatly reduce the transfer time of things if you are going to just FTP them onto your server, but you could use git to do this also.

If you don’t have git i suggest using yum to install git. You can do this with:

Once git is installed you can download SF2 that way, otherwise just FTP SF2 onto the server, preferably inside your httpdocs directory.

The next steps we need to take is to resolve some issues with the default setup of vhost.conf, which should be located in your domains conf/vhost.conf. Once you are in your domain dir (something like /var/www/vhosts/YOUR-DOMAIN.COM/) you should find the file which you can open with the vi editor like so:

Then we need to make some additions, which i shall explain after this snippet, you need to edit your vhost.conf file to look like this ( is my own domain, substitute this with your own accordingly.):

A few notes on the above snippet now, firstly, the most common issue people have is with open_basedir, which has a tendency to create permission errors with scripts, usually resulting in a blank screen with no error output. The other issue we resolve is to allow scripts and resources to be accessible through symlinks (particularly useful for assets where it is more efficient to symlink your bundles assets than copy them, particularly when you update your bundles later on). Then the section after regarding AllowOverride etc, opens up some of the remaining permissions issues. The last part of this vhost.conf allows us to use thw web folder as our actual web root directory, thusly protecting the rest of your source code (particularly your configs containing database passwords etc) from outside snooping. Once this is done, just restart apache like so:

Now that your vhost.conf configuration is out of the way, you will need to upload your project to your symfony/src/ directory on your server. You can do this either through FTP or the SCP utility on the command line, its up to you. I personally prefer using Cyberduck FTP client because you can add all manner of file types to exclude, namely large revision control files such as .git files etc. Excluding such files can cut your upload time in half in some projects with very large repositories.

Once your project is uploaded successfully, we should run the vendors install script, which you can do via:

This will install all the vendors that you did not download from the SF2 website. It makes much more sense to use the power of your VPS’s large bandwidth to download vendors than to download them to your local work machine and then use what is usually a very poor upload bandwidth of your ISP to get it all onto the server.

Before we run the check.php utility we will want to set the proper permissions on both the cache and log directories, so from your symfony/app directory do the following:

This is necessary so that symfony can write to the cache and logs directories. Once that is done, we must now run the check utility from the command line also, this helps identify any issues with your setup which will likely be a few on there. To run this type:

Following the issues highlighted modify your php.ini accordingly, usually you will do this by opening it in vi, and your default php.ini is usually in /etc/php.ini but we don’t want to edit this one, we want to edit your local php.ini which will overwrite the default one. If you choose to edit the default one found in /etc/php.ini then any changes made will effect all users on that server, depending on your root level of access on your VPS you may not actually be able to edit this anyway.

To edit your local php.ini file using vi again, edit:

OR if you do not have root access it will just be

And make all the according changes as per the issues the check.php script mentioned. Then we restart apache again:

Just to be sure that we got everything right, we can test that our settings are the right ones being used by creating a little test script in our httpdocs/symfony/web directory, create a file called phpinfo.php and edit it to look like the following:

Once all of those issues are resolved, we now want to make sure that there are no funky ‘.htaccess’ files in your root dir that might interfere with your project, so cd into your domains httpdocs directory and locate the default .htaccess directory, and delete it, if you don’t find one in there then that is good also. DO NOT remove the .htaccess file found in symfony/web you need this.

Now go to your browser and under your domain run your script, e.g; This should output a really nice looking page with all the configs of php. Check for all the appropriate settings and check all the php.ini includes you see on the page are correct. Hopefully the chosen php.ini should have its configs overwriting the default ones, if not see what php.ini file your setup is favouring and edit that accordingly.

Now we should go back to our symfony directory and setup our entities and database stuff. Go to your symfony/app/config directory and edit your parameters.ini file so that you have input all your database credentials. If you don’t have any database credentials then you need to go into your Plesk control panel and create a new database and get your login credentials from there.

To implement this you now need to run these 2 commands (the first one you will need to run for each bundles group namespace):

That should be your database setup now, now all you have to do is install your assets. As we enabled the FollowSymLinks setting under our vhost.conf this should be no problem, just run the command below:

Now that this is done, we should be ready to test our site out, check your domain to see if you can access your site.

Hopefully all is well and you don’t have any issues, but if you do, check your error log, which you can find in your domain’s statistics directory, statistics/logs/error_log if you do not have a statistics directory then check /var/log/httpd/error_log and see what issues are coming up there. The last occuring issues will be at the very bottom of the error log, so look their first.

Assuming all is well, we can now delete the phpinfo.php script (its not good to leave this around, it can be a security hazard to leak all of your setup info)

Also remove app_dev.php and config.php from your web directory as these are only needed for dev environments.

I would also recommend once everything is working and you have tested out everything on your site that you further edit your php.ini file in your local domain area so that you set the error reporting to:

but keep ‘log_errors = On‘ as you will want a log of anything that is breaking down if someone reports it then you can trace the log to duplicate the conditions hopefully under which the bug was generated, or at least point you in the right direction.

The last step is to setup some additional tools, namely php’s APC, which is really useful for optimising your sites php performance overall. Though installing APC is not required, it can dramatically improve performance and is recommended. You can read about that in my other blog article

Installing APC on a server running Plesk

I needed to install APC on a Plesk VPS today, and thought i would share what i did. Following the guide in the blog below i made some additions for a few things that were missing.

Original Guide here.

I also happen to be running CentOS, version 6.

Following the same steps in the linked site, i will add the few that you need that were missed and hopefully this will help anyone else who had the same issues i did with this. (if your like me an impatient you can add -y for most of these to speed up the setup process, it just auto answer yes to any yes/no prompts [mostly do you want to download this? sort of things]).

SSH into your server, preferably with some kind of admin/root access, and then type in the following one at a time.

Now we need to install the following as some installations of CentOS don’t have this but you may require it to use some of the PECL extensions.

Now chances are being a web server your setup most likely won’t have a dev tool chain, so we need 2 more things before we install APC. We need a compiler and we need a makefile utility (make will do). But first you can check if you have them before going to the extent of downloading something you may not need, to check if you got them:

If any of the 2 above do not show any results and comes back with nothing then you do not have them and need to install them, if your missing just one then install the one your missing. You will need both of them for the next step, if it comes up with a directory then you have it installed. If not we will get them with:

Now we should be able to download and install APC (don’t use the -y option here):

Now we need to create the extensions configs, first we create the ini file we need:

Then edit the file in vi (i would recommend vi over nano/pico as they tend to glitch over ssh)

Now type this into the vi editor (you need to press ‘i’ before you can type):

So save this file press the escape key and then type :wq and press enter, which should save and quit vi. I choose to disable the cache by default because this setting will apply to all users of your server and it can be a pain if people don’t want it running, they can enable it for themselves in their own directories etc/apc.ini

Lastly we need to restart the http server.