Separate frontend and backend users with sfDoctrineGuardPlugin

Question

i'm starting a project adn i'm using symfony, my first time with symfony, really great actually, i already install the sfDoctrineGuardPlugin and everything is ok untill now, why?, because frontend users can login in the backend and vice versa, i dont't want that, so, i start to google, i found Symfony sfDoctrineGuardPlugin custom login query here in SO, but i don't know where i should place the function so, i haven't tested it.

As i don't want frontend users can login in the backend, i think i can use credentials, can i?? but, symfony check for users credentials after they are logged, and i don't want tha neither, so, how can i achieve this?, maybe if i could have namespaces in the session, i can check if an admin in the backend namespace and also for frontend users, so they never get fixed, i think.

I don't know really know if sfDoctrineGuardPlugin have some configuration that can manage this situation, exist such a config??

Also, in my backend, i will like to have a page to manage the frontend users, and other for backend users, because frontend users will have a profile and addresses, think this is much easier, but i don't know where to start.

need some help over here

thanks

Answer 1

After a few days coding, i was able to do it exactly as i wanted, i'm going to share my solution:
I started with an example i found here in SO, you can read the post here:
Symfony sfDoctrineGuardPlugin custom login query it gave me an idea and i executed it, so, i create \lib\Util.class.php, with to functions, one for query backend users and another for frontend users

static public function retrieveCustomer($username, $isActive = true)
{
    $query = Doctrine_Core::getTable('sfGuardUser')->createQuery('u')
    ->leftJoin('u.Groups g')
    ->leftJoin('g.Permissions p')
    ->where('u.username = ?', $username)
    ->addWhere('u.is_active = ?', $isActive)
    ->addWhere('g.name = ?', 'customers');

    return $query->fetchOne();
}

static public function retrieveAdmin($username, $isActive = true)
{
    $query = Doctrine_Core::getTable('sfGuardUser')->createQuery('u')
    ->leftJoin('u.Groups g')
    ->leftJoin('g.Permissions p')
    ->where('u.username = ?', $username)
    ->addWhere('u.is_active = ?', $isActive)
    ->whereIn('g.name', array('administrators','operators'));

    return $query->fetchOne();
}  

Now, in the app.yml of each app, i override the default query of the plugin

#Example for apps/backend/config/app.yml
all:
    sf_guard_plugin:
        retrieve_by_username_callable: Util::retrieveAdmin

untill now all was good, but i started to face another problem, so i open a new thread: Overwriting isAuthenticated() in symfony and there i got the final step for my solution, that was setting differents session name for each app, so, in the factories.yml of each app:

#apps\backend\config\factories.yml
storage:
  class: sfSessionStorage
  param:
    session_name: backend

and now all is set, frontend users can not log in in backend app and vice versa.

feel free to comment