Assign groups based on logged user credentials

Question

I'm developing a application using sfDoctrineGuardPlugin and Symfony 1.4.20 then I've three users and three users groups and some permissions as follow:

user_name         user_group      permissions
u1                Group1          can_admin_full, can_admin
u2                Group2          can_admin
u3                Group3          no_admin

So u1 should be able to add users to the application but only can see Group2 and Group3 under Groups Options, u2 should be able to add users to the application to but only can see Group3 under Groups Options, so u1 and u2 shouldn't add users belonging to Group1, how I can get this using sfDoctrineGuard? It's possible?

NOTE: I use GroupN as a example but below in the code sample is the right names for groups and permissions!

EDIT: Improve question So after take a closer look at this I'm trying to to the same but adapted to my code so in lib/form/doctrine/sfDoctrineGuardPlugin/sfGuardUserForm.class.php I change this:

class sfGuardUserForm extends PluginsfGuardUserForm {

    public function configure() {
        //groups_list
        $this->getWidget('groups_list')->setOption('expanded', true);
        $this->getWidget('groups_list')->setOption('table_method', 'getListForAdmin');
        $this->getValidator('groups_list')->setOption('query', Doctrine::getTable('sfGuardGroup')->getListForAdmin());
    }

}

Also I made this changes at lib/model/doctrine/sfDoctrineGuardPlugin/sfGuardGroupTable.class.php

class sfGuardGroupTable extends PluginsfGuardGroupTable {

    /**
     * Returns an instance of this class.
     *
     * @return object sfGuardGroupTable
     */
    public static function getInstance() {
        return Doctrine_Core::getTable('sfGuardGroup');
    }

    /**
     * Builds list query based on credentials
     *
     */
    public function getListForAdmin() {
        $user = sfContext::getInstance()->getUser();
        $q = $this->createQuery('g');

        if ($user->hasPermissions('can_admin_full')) {
            $q->addWhere('g.name IN (?)', array('Administradores Monitor', 'Monitor'));
        } else if ($user->hasPermissions('can_admin')) {
            $q->addWhere('g.name IN (?)', array('Monitor'));
        }
        return $q;
    }

}

But don't work because login using a user that belongs to group "Administrador de Servicios" and has permissions 'can_admin' and 'can_admin_full' and I can see all the groups in the widget and I'm looking just for see in that case 'Administradores Monitor' and 'Monitor'

EDIT 2 Also try this other code:

$this->widgetSchema['groups_list'] = new sfWidgetFormDoctrineChoice(array('multiple' => true, 'table_method' => 'getListForAdmin', 'query' => Doctrine::getTable('sfGuardGroup')->getListForAdmin()));

And still not working, I change 'table_method' => 'getListForAdmin' to 'table_method' => 'getListForAdmin1' and nothing happens so I suspect that the method is never called

EDIT 3 Now it's working but see this: If I use this approach:

$this->getWidget('groups_list')->setOption('expanded', true);
$this->getWidget('groups_list')->setOption('table_method', 'getListForAdmin');
$this->getValidator('groups_list')->setOption('query', Doctrine::getTable('sfGuardGroup')->getListForAdmin());

Then I get this error:

SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens

If I use the other approach:

$this->widgetSchema['groups_list'] = new sfWidgetFormDoctrineChoice(array('multiple' => true, 'table_method' => 'getListForAdmin', 'query' => Doctrine::getTable('sfGuardGroup')->getListForAdmin()));

I get this other error:

sfWidgetFormDoctrineChoice requires the following options: 'model'.

Then I added the parameter model:

$this->widgetSchema['groups_list'] = new sfWidgetFormDoctrineChoice(array('multiple' => true, 'model' => 'sfGuardGroup', 'table_method' => 'getListForAdmin', 'query' => Doctrine::getTable('sfGuardGroup')->getListForAdmin()));

But get the same error as first approach, I suspect the problem is in getListForAdmin() function but really don't know where exactly

What's wrong at this point?

Answer 1

Try to change the conditional in getListForAdmin():

if ($user->hasPermissions('can_admin_full')) {
        $q->whereIn('g.name', array('Administradores Monitor', 'Monitor'));
    } else if ($user->hasPermissions('can_admin')) {
        $q->whereIn('g.name', array('Monitor'));
    }