Purely on a DB/ORM level you have several ways to check permissions:

- Custom repository methods that perform queries with the joins you are talking about [1].
- Fire custom events upon reading that you can hook into (what Marco described).
- Hook into Doctrine's `PostLoad` event [2].
- Use Query Walkers [3].
- Use Filters [4].
- A combination of the above.

Maybe you could explain, or show a sample of, how you are solving this with your current ORM? Then we could provide some help on how that can be done in Doctrine.

[1]: http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/working-with-objects.html#custom-repositories
[2]: http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/events.html#postload
[3]: http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/cookbook/dql-custom-walkers.html
[4]: http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/filters.html

--
Jasper N. Brouwer
(@jaspernbrouwer)

On 14 May 2014 at 15:40:07, Edi Buslovich ([email protected]) wrote:

> As I understand you suggest to call a callback for every INSERT to DB, the
> callback will get the entity object and check against the DB to verify that
> the returned object really belongs to the logged in user?
> But what about a SELECT query that returns 100 objects? The solution should
> be tied to the DB layer, because in this case for performance reasons I'd
> like to make a JOIN with the Users and the Comments table in the SELECT
> query that will make sure that the returned comments will belong only to
> the logged in user.
>
> I hope you understand me, because my use case became a little bit
> complicated without any query examples provided.
>
> Thanks,
> Edi.
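
The Filters option [4] from the list above, sketched as an added example that is not part of the original message or of Doctrine's own code: a SQL filter that restricts owned entities to the logged-in user inside the generated query. The `OwnedByUser` interface, the `user_id` column, the filter name `owner` and the `enableOwnerFilter()` helper are assumptions for illustration.

```php
<?php
// Added example: OwnedByUser, user_id, 'owner' and enableOwnerFilter()
// are hypothetical names, not taken from the thread.

use Doctrine\ORM\EntityManagerInterface;
use Doctrine\ORM\Mapping\ClassMetadata;
use Doctrine\ORM\Query\Filter\SQLFilter;

/** Marker interface for entities that belong to exactly one user. */
interface OwnedByUser
{
}

/**
 * Appends "<alias>.user_id = <current user id>" to the SQL Doctrine
 * generates for entities implementing OwnedByUser, so the ownership
 * check happens in the database instead of per loaded object.
 */
final class OwnerFilter extends SQLFilter
{
    public function addFilterConstraint(ClassMetadata $targetEntity, $targetTableAlias): string
    {
        // Entities without an owner are left unfiltered.
        if (!$targetEntity->reflClass->implementsInterface(OwnedByUser::class)) {
            return '';
        }

        // getParameter() returns the value already quoted for the
        // connection and throws if 'userId' was never set, so a request
        // without a user id fails closed instead of returning every row.
        return sprintf('%s.user_id = %s', $targetTableAlias, $this->getParameter('userId'));
    }
}

/** Registers the filter and enables it for the current request. */
function enableOwnerFilter(EntityManagerInterface $em, int $userId): void
{
    $em->getConfiguration()->addFilter('owner', OwnerFilter::class);
    $em->getFilters()->enable('owner')->setParameter('userId', $userId);
}
```

Filters are not applied to native SQL queries, so any native query on the same tables needs its own ownership condition.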
