thanks, very useful plugin, it's actually related, but what I was looking for seems to be this: http://www.symfony-project.org/snippets/snippet/18 thanks to alexndlm
On May 2, 12:46 pm, Lee Bolding <[EMAIL PROTECTED]> wrote: > There's the sfPropelAuthoredBehavior plugin for this.... > > On 2 May 2008, at 17:33, arhak wrote: > > > > > mmm... thank you, but no, that wasn't the question > > all subscribers may post, but each subscriber only can edit/delete hes > > own posts > > I can dynamically check if he is owning the post he is trying to edit/ > > delete, but that's posteriori, I would like to know it a priori. > > Something like: > > You "can" read this post (he can because he is a subcriber) > > You "can" delete this post (he can because he is the owner, it means, > > he created it) > > You "can't" modify this post (he can't because doesn't have > > privileges) > > > So, the second action is restricted to "owners" (and moderators, etc), > > but a subscriber must be owning the post to be able to delete it. > > > On Apr 30, 3:25 pm, "Pedro Casado" <[EMAIL PROTECTED]> wrote: > >> delete: > >> is_secure: on # Only for authenticated users > >> credentials: admin # With the admin credential > > >> See:http://www.symfony-project.org/book/1_0/06-Inside-the-Controller-Laye > >> ... > > >> On Tue, Apr 29, 2008 at 9:30 PM, arhak <[EMAIL PROTECTED]> wrote: > > >>> Security: How can I restrict an action to the "owner" only? > > >> -- > >> Att, > >> Pedro Casado --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---
