Here's how I'd do it:

1) have the user log in and store relevant info on the user in the session

2) store the organization object in the session

3) use the organization object in the session to retrieve the articles 
for review.

The organization object would have a method called getArticles() that is 
tied to the organization's Id.  It won't fetch all articles, just those 
articles that belong to the organization object.  If you build your 
logic correctly, any ids passed through the URL would have to validate 
in this manner (must exist in organization object before it will appear 
in list of articles or when viewing detail of the article).  You could 
also validate the organization id from the user with the organization id 
from the article.

I have some other ideas on how to accomplish this if this approach won't 
work for you.

Charley

Erik Itland wrote:
> Hi all
> 
> I'm looking into making records from a table available only for specified
> users.
> 
> Example schema:
> 
> propel:
>   organization:
>     _attributes: { phpName: Organization }
>     id:
> 
>   user:
>     _attributes: { phpName: User }
>     id:
>     organization_id:
>     name:
> 
>   article:
>     _attributes: { phpName: Article}
>     organization_id:
>     article_content: longvarchar
> 
> 
> so that a user can only access (read, list, edit etc) articles that belong
> to his organization.
> 
> I guess this is a quite common request, but I still haven't found any easy
> way to do it. I see I can solve it by overriding some methods in Article and
> ArticlePeer and make some security checks back in action.class.php, but I
> guess there is an easier way to do it that would reduce the risk of creating
> a maintenance nightmare. (Yes, the case above is just a greatly simplified
> case.)
> 
> Does anybody here know the right way to solve it?
> 
> Regards,
> 
> Erik I
> 
> 
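
The scoping described in the reply above, as an added example that is not part of the original thread and is not symfony or Propel code: every article id taken from the URL is resolved through the organization object held in the session, never through a global lookup. Only `getArticles()` is named in the thread; the `Article` class, `getArticle()`, the article `id` field, the in-memory array standing in for the table, and PHP 8.1+ syntax are assumptions.

```php
<?php
// Added illustration; names other than getArticles() are hypothetical.
final class Article
{
    public function __construct(
        public readonly int $id,
        public readonly int $organizationId,
        public string $content
    ) {}
}

final class Organization
{
    /** @param Article[] $store stands in for the article table */
    public function __construct(private int $id, private array $store) {}

    /** Only the articles whose organization_id matches this organization. */
    public function getArticles(): array
    {
        return array_values(array_filter(
            $this->store,
            fn (Article $a) => $a->organizationId === $this->id
        ));
    }

    /** Resolve an id from the URL; null means "not found" for this organization. */
    public function getArticle(int $articleId): ?Article
    {
        foreach ($this->getArticles() as $article) {
            if ($article->id === $articleId) {
                return $article;
            }
        }
        return null;
    }
}

// Constructed sample data: two organizations, three articles.
$table = [
    new Article(1, 10, 'Org 10 draft'),
    new Article(2, 10, 'Org 10 review'),
    new Article(3, 20, 'Org 20 internal'),
];
// Stand-in for the organization object stored in the session at login.
$sessionOrg = new Organization(10, $table);

foreach ([2, 3, 99] as $idFromUrl) {
    $article = $sessionOrg->getArticle($idFromUrl);
    // Same answer for "belongs to another organization" and "does not exist".
    echo $idFromUrl, ': ', $article ? $article->content : '404 Not Found', PHP_EOL;
}
```

Ids 3 and 99 produce the same response, so a user cannot tell another organization's article from one that does not exist.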
