Hello Bernhard,

I understand the first design flaw which, to my mind, can be worked
around by just using real object and/or list routes. So, basically one
has to disallow the standard symfony routes (modelname/action for
example). I don't think that's such a big step, especially considering
the direction RESTful routing is taking.

I thought you'd just wrap getObject/getObjects with your own
implementation and not create a new method for it so it's a bit hard
to convert, for instance, standard admin generator modules to use
these new route classes because you can't just change the route class
in routing.yml.

What would stand against wrapping getObject of sfDoctrineRoute in your
own sfDoctrineRestrictedRoute?

    public function getObject()
    {
      // check access privileges for generic properties (module, action,
      // time, whatever...)
      $object = parent::getObject();
      // check access privileges for specific object
      return $object;
    }

getObjects would basically be the same, I guess.

Thanks for explaining your implementation, Symfony has a long way to
go when it comes to DRY-ly securing application/modules/actions/
objects. :)

Cheers, Daniel