Great, I'll check those. Thank you for the help!
Edi. On Wed, May 14, 2014 at 8:04 PM, 'Jasper N. Brouwer' via doctrine-user < [email protected]> wrote: > Purely on a DB/ORM level you have several ways to check permissions: > > - Custom repository methods that perform queries with the joins you are > talking about [1]. > - Fire custom events upon reading that you can hook in to (what Marco > described). > - Hook into Doctrine's `PostLoad` event [2]. > - Use Query Walkers [3]. > - Use Filters [4]. > - A combination of the above. > > Maybe you could explain, or show a sample of, how you are solving this > with your current ORM? The we could provide some help on how that can be > done in Doctrine. > > [1]: > http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/working-with-objects.html#custom-repositories > [2]: > http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/events.html#postload > [3]: > http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/cookbook/dql-custom-walkers.html > [4]: > http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/filters.html > > -- > Jasper N. Brouwer > (@jaspernbrouwer) > > > On 14 May 2014 at 15:40:07, Edi Buslovich ([email protected]) wrote: > > As I understand you suggest to call a callback for every INSERT to DB, > the > > callback will get the entity object and check against the DB to verify > that > > the returned object really belongs to the logged in user? > > But what about a SELECT query that returns 100 objects? The solution > should > > be tied to the DB layer, because in this case for performance reasons I'd > > like to make a JOIN with the Users and the Comments table in the SELECT > > query that will make sure that the returned comments will belong only to > > the logged in user. > > > > I hope you understand me, because my use case became a little bit > > complicated without any query examples provided. > > > > Thanks, > > Edi. > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "doctrine-user" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/doctrine-user/EqHFuKZUblw/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/doctrine-user. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "doctrine-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/doctrine-user. For more options, visit https://groups.google.com/d/optout.
