The method that's used to look up an item in CRUDify is: def findForParam(in: String): Box[CrudType] = find(in)
You can override this method: override def findForParam(in: String): Box[CrudType] = find(in).filter(_.canBeViewedBy(User.currentUser)) And then implement: def canBeViewedBy(who: Box[User]): Boolean = // your logic here Thanks, David On Mon, Nov 23, 2009 at 12:12 PM, tommycli <[email protected]> wrote: > Say we have a "Poll" object with an "owner" field that's CRUDified. > > For urls such as: > > /polls/view/41 > > How would I restrict access to the user who matches the "owner" field. > > 1. Would I do this through SiteMap? How would I test the currentUser > against the object? > 2. Or would I allow access on Sitemap, and then control whether or not > it's displayed in the Snippet itself? > > The second method seems to be the obvious one - but then I'm placing > access control in two places - both SiteMap and the view. > > Let me know I'm missing something. > > -- > > You received this message because you are subscribed to the Google Groups > "Lift" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<liftweb%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/liftweb?hl=. > > > -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Surf the harmonics -- You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/liftweb?hl=.
