There's the sfPropelAuthoredBehavior plugin for this.... On 2 May 2008, at 17:33, arhak wrote:
> > mmm... thank you, but no, that wasn't the question > all subscribers may post, but each subscriber only can edit/delete hes > own posts > I can dynamically check if he is owning the post he is trying to edit/ > delete, but that's posteriori, I would like to know it a priori. > Something like: > You "can" read this post (he can because he is a subcriber) > You "can" delete this post (he can because he is the owner, it means, > he created it) > You "can't" modify this post (he can't because doesn't have > privileges) > > So, the second action is restricted to "owners" (and moderators, etc), > but a subscriber must be owning the post to be able to delete it. > > > On Apr 30, 3:25 pm, "Pedro Casado" <[EMAIL PROTECTED]> wrote: >> delete: >> is_secure: on # Only for authenticated users >> credentials: admin # With the admin credential >> >> See:http://www.symfony-project.org/book/1_0/06-Inside-the-Controller-Laye >> ... >> >> On Tue, Apr 29, 2008 at 9:30 PM, arhak <[EMAIL PROTECTED]> wrote: >> >>> Security: How can I restrict an action to the "owner" only? >> >> -- >> Att, >> Pedro Casado > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---
