User management and how to secure pages / actions

Diem adds a thin layer on the top of symfony security system, and forked sfDoctrineGuardPlugin.

User management

dmUserPlugin is a fork of sfDoctrineGuardPlugin. It provides users, permissions and groups.


A user is an instance of DmUser. It has a name and an email, and can be associated to permissions and groups.

A builtin interface is provided in admin application to manage users. In the upper tool bar, click System->Security->Users.

Add fields and relations to the user model

Diem doesn't use an external Profile model to store extra user informations. It's way simpler to add directly what you need to the DmUser model.
Let's say you want your user to have a description and a photo. Just add the fields and relations in your config/doctrine/schema.yml:

    description:   { type: clob, extra: markdown }  
    pĥoto:         { type: integer }  
      class:       DmMedia  
      local:       pĥoto  
      onDelete:    SET NULL  

Learn more about Diem schema.yml.

Then, run your doctrine migrations and the dm:setup task.

Update the user admin interface
Plugin admin modules are not generated in your project. So this time you need to copy yourself
into your project, in
And add manually the fields:

          - description  
          - photo  

         "My fields": [ photo_form, photo_view, description ]  


A permission is an instance of DmPermission. When associated to a user, it defines what he is allowed to do.

A builtin interface is provided in admin application to manage permissions. In the upper tool bar, click System->Security->Permissions.


A group is an instance of DmGroup. When a user is associated to a group, the user get all the group's permissions.

A built-in interface is provided in admin application to manage groups. In the upper tool bar, click System->Security->Groups.

Secure a page

A secured page can only be seen by authenticated users.
When a non-authenticated user tries to access a secured page, he is forwarded to the main.login page.
You are responsible for creating the Login page content ( message, login form... ).

Manual pages

To secure a manual page, go to the page and edit it by clicking on the "Edit page" button. A dialog appears. In the "Publication" tab, click the "Requires authentication" checkbox.

Automatic pages

For pages that represent a record ( e.g. blog post page ), you can use the Post model is_active field. It allows you to activate/deactivate the posts from admin interface. Deactivated post pages are secured, and deactivated posts no more appear in post lists.

Secure an action

The symfony way to secure an action works with Diem.

Front login page

Some of our website pages are secured, and we want users to be able to login directly on the front application to access them.
So we will create a login form and drop it into the login page. First, create a loginForm action in



To let diem generate the loginForm component and template, go on the front application and click the lower tool bar "Update project" button.

If the front files are not properly generated, please see the troubleshooting guide.

Then we will add the executeLoginFormWidget method to the main actions. This action will be executed before page rendering, and so we can use redirections.

 * Main actions  
class mainActions extends myFrontModuleActions  
  public function executeLoginFormWidget(dmWebRequest $request)  
    $user = $this->getUser();  
    // by assigning the form to $this->forms,  
    // we allow the loginForm component to access it  
    $form = $this->forms['login'] = new DmFormSignin;  
    if ($request->isMethod('post'))  
      if ($form->bindAndValid($request))  
        $this->getUser()->signin($form->getValue('user'), $form->getValue('remember', false));  
        return $this->redirect($request->getReferer());  

Then the component will get the form, and pass it to the template.

 * Main components  
 * No redirection nor database manipulation ( insert, update, delete ) here  
class mainComponents extends myFrontModuleComponents  
  public function executeLoginForm()  
    $this->form = $this->forms['login'];  

The last thing to do is display the form on the _loginForm.php template.

// Main : Login form  
echo $form->open();  
echo _tag('ul',  
  _tag('li', $form['username']->label()->field()->error()).  
  _tag('li', $form['password']->label()->field()->error()).  
  _tag('li', $form['remember']->label()->field()->error())  
echo $form->renderHiddenFields();  
echo $form->submit('Login');  
echo $form->close();  

This template uses Diem template helpers.

Questions and Feedback

If you need support or have a technical question, you can

  • Post to the google group
  • Come and chat on the #diem IRC channel on freenode