Mmm... thank you, but no, that wasn't the question.
All subscribers may post, but each subscriber can only edit/delete his
own posts.
I can dynamically check whether he owns the post he is trying to edit/
delete, but that's a posteriori; I would like to know it a priori.
Something like:
You "can" read this post (he can because he is a subscriber)
You "can" delete this post (he can because he is the owner, that is,
he created it)
You "can't" modify this post (he can't because he doesn't have
privileges)

So, the second action is restricted to "owners" (and moderators, etc.),
but a subscriber must own the post to be able to delete it.


On Apr 30, 3:25 pm, "Pedro Casado" <[EMAIL PROTECTED]> wrote:
> delete:
>   is_secure:   on        # Only for authenticated users
>   credentials: admin     # With the admin credential
>
> See:http://www.symfony-project.org/book/1_0/06-Inside-the-Controller-Laye...
>
> On Tue, Apr 29, 2008 at 9:30 PM, arhak <[EMAIL PROTECTED]> wrote:
>
> > Security: How can I restrict an action to the "owner" only?
>
> --
> Att,
> Pedro Casado
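
One way to get the a priori answer asked for above, as an added example that is not part of the thread and does not use symfony's own API: a single ownership-aware check that decides which links to show and is repeated inside the action. The function names, array shapes and the `moderator` role are assumptions.

```php
<?php
// Added example; function names, array shapes and roles are hypothetical.
// Single decision point: may $user perform $action on $post?
function can(array $user, string $action, array $post): bool
{
    $isSubscriber = in_array('subscriber', $user['roles'], true);
    $isModerator  = in_array('moderator', $user['roles'], true);
    $isOwner      = $user['id'] === $post['author_id'];
    switch ($action) {
        case 'read':
            return $isSubscriber || $isModerator;
        case 'edit':
        case 'delete':
            // Owner-only for subscribers; moderators are exempt.
            return $isModerator || ($isSubscriber && $isOwner);
        default:
            return false; // unknown actions are denied
    }
}

// Enforcement: the action repeats the same check, because hiding a
// link in the page does not stop a hand-built request.
function deletePost(array $user, array $post, array &$posts): void
{
    if (!can($user, 'delete', $post)) {
        throw new RuntimeException('Forbidden: not owner or moderator');
    }
    unset($posts[$post['id']]);
}

// Constructed sample data.
$posts = [7 => ['id' => 7, 'author_id' => 1]];
$alice = ['id' => 1, 'roles' => ['subscriber']];
$bob   = ['id' => 2, 'roles' => ['subscriber']];

// A priori view: what to display next to the post before any click.
foreach (['alice' => $alice, 'bob' => $bob] as $name => $user) {
    foreach (['read', 'edit', 'delete'] as $action) {
        echo "$name ", (can($user, $action, $posts[7]) ? 'can' : "can't"), " $action post 7\n";
    }
}
try {
    deletePost($bob, $posts[7], $posts);   // non-owner: rejected
} catch (RuntimeException $e) {
    echo 'bob: ', $e->getMessage(), "\n";
}
deletePost($alice, $posts[7], $posts);     // owner: allowed
echo 'posts left: ', count($posts), "\n";
```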