I already solved it with overwriting the whole action:
    public function executeEdit(sfWebRequest $request)
    {
        $id=$this->getUser()->getGuardUser()->getId();
        $this->member = Doctrine::getTable('Member')->find($id);
        $this->form = $this->configuration->getForm($this->member);
    }

but I'm interested in if it's possible to just manipulate the request and call parent::executeEdit() like described in the last message..?!

Thanks!!
comb

On 05.04.2010 23:06, Robert Heim wrote:
yeah good idea!

I got a last small problem within the solution, since I do not know how to pass the ..->getUser()->getId() to the auto-edit-action?!

I now overwrite the routes from the admin-generator
backend/config/routing.yml
..
# the Route I want to be used..
member_edit:
  url:   /members/edit
  class: sfDoctrineRoute
  options: { model: Member, type: object}
  param: { module: member, action: edit }
  requirements:
    sf_method: [get]

member_object:
... #(other route to be overwritten, since it gives access to the member/id/edit page... and for more security I could overwrite update/delete etc, too.. but I'm not that paranoid..^^)


So now I only need to get the ID from the user's session (no problem..) and I need to pass this id to the admin-edit auto action... but how do I do that??

class memberActions extends autoMemberActions
{
    public function executeEdit(sfWebRequest $request)
    {
        $id=$this->getUser()->getGuardUser()->getId();
        // HERE I NEED TO PASS THE ID TO THE AUTO-GENERATED-EDIT-ACTION, BUT HOW?
        parent::executeEdit($request);
    }
}


this does not work:
$id=$this->getUser()->getGuardUser()->getId(); // die($id)==3
$request->setAttribute('id', $id);

it's always displaying the edit-page for id=1 and not for the user's id 3.. Help?

comb :-)

On 05.04.2010 14:49, Tom Ptacnik wrote:
You can disable this edit route and create your own route without user
id. And in the action retrieve logged user id from the session.


On 3 Apr, 00:49, comb <sa...@gmx.net> wrote:
Hey

(symfony 1.4 + Doctrine)

In the backend I have a list of members where each member is connected
to a sfGuardUser.
Now I want that every Member can only edit his own profile, but not the
ones of others.

For the list-view I already got a solution with the table_method
where I can specify a $q->andWhere():

//Member.class.php
[...]
public function retrieveBackendMember(Doctrine_Query $q)
{
    try {
        // not-admin-users may only edit their own profiles
        $user = sfContext::getInstance()->getUser();
        $user_id = $user->getGuardUser()->getId();
        if (!$user->hasCredential('admin'))
        {
            $rootAlias = $q->getRootAlias();
            $q->andWhere($rootAlias.'.sf_guard_user_id = ?', $user_id);
        }
    } catch (Exception $e) {
        // show none...
        $q->andWhere('false');
    }

    return $q;
}
[...]

But if I change the id in the URL I can edit others, too..
../backend_dev.php/members/23/edit
-> ../backend_dev.php/members/24/edit *WORKS, BUT I WANT A "NEED-AUTH"-MESSAGE*

How can I do that?

Thanks!
comb
... who is tired from symfony-google-marathon :-(
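
The thread's underlying issue is that the list is filtered per user while the object routes (edit, update, delete) load whichever id appears in the URL. The stand-alone PHP below is an added example, not code from the thread or from symfony: it applies one ownership check to every object action and compares that with guarding edit only. `MEMBERS`, `mayAccessMember()` and `dispatch()` are hypothetical names, and the rows are constructed sample data.

```php
<?php
// Added example: names, ids and rows below are constructed for illustration.

// Constructed sample rows: member id => owning sf_guard_user_id.
const MEMBERS = [
    23 => ['id' => 23, 'sf_guard_user_id' => 3],
    24 => ['id' => 24, 'sf_guard_user_id' => 7],
];

// Admins may touch any member; everyone else only the member linked to
// their own sfGuardUser id (same rule as retrieveBackendMember()).
function mayAccessMember(array $member, int $userId, bool $isAdmin): bool
{
    return $isAdmin || $member['sf_guard_user_id'] === $userId;
}

// Hypothetical stand-in for the object actions. $guarded lists the actions
// that run the ownership check; returns an HTTP-style status code.
function dispatch(string $action, int $memberId, int $userId, bool $isAdmin, array $guarded): int
{
    if (!array_key_exists($memberId, MEMBERS)) {
        return 404;
    }
    if (in_array($action, $guarded, true)
        && !mayAccessMember(MEMBERS[$memberId], $userId, $isAdmin)) {
        return 403; // the "need auth" answer instead of the edit form
    }
    return 200;
}

// User 3 (not admin) requests member 24, which belongs to user 7.
$onlyEdit = ['edit'];                       // check added to edit only
$all      = ['edit', 'update', 'delete'];   // check on every object action

foreach ($all as $action) {
    printf("%-6s  edit-only guard: %d   full guard: %d\n", $action,
        dispatch($action, 24, 3, false, $onlyEdit),
        dispatch($action, 24, 3, false, $all));
}
// Own record and admin access still work under the full guard.
printf("own: %d  admin: %d\n",
    dispatch('update', 23, 3, false, $all),
    dispatch('update', 24, 1, true, $all));
```

With the check on edit only, update and delete requests for another member's id still succeed, which is why the check belongs on every route that resolves a Member from the URL.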

