Hello, okay i got most of the user stuff ready now for Redracer, so I started planing on the Projects Module.
So one the one hand I have the Credentials, which tell me if the user is allowed to call the action, but on the other I have the Projects. Without some access control every user would be able to edit projects which do not belong to him. Now a user has the Credential "edit-own" should I put some logic in the getCredentials() function to check if it is his own project? And what should the function return? Also where should I place the ACL? I guess in the DB... but currently I'm getting all my credentials from the rbac_definitions.xml how do I add the Credentials from the DB to the User, or better when? Has anyone yet had such a problem and might be able to provide me an example? Cheers --- Dipl.-Betriebsw. (BA) Benjamin Börngen-Schmidt Pallaswiesenstraße 30 64293 Darmstadt fon: +49 (0)6151 6795935 email: [email protected] _______________________________________________ Agavi Dev Mailing List [email protected] http://lists.agavi.org/mailman/listinfo/dev
