Le 21 août 08 à 19:32, Jonathan a écrit :
> Some thoughts:
>
> It looks like the "Container type" and "Container id" are a way to
> restrict access to some sub level of content, but what if someone
> wants to restrict access to some arbitrary set of content that is X
> levels deep?
Hi Jonathan,
As you've seen, the hasPermission() method requires the full path of a
resource.
For a deep resource (3 levels for instance):
$path = new isicsACLResourcePath();
$path->add('news_category', $article->getGrandParentCategory()-
>getId());
$path->add('news_category', $article->getParentCategory()->getId());
$path->add('news_article', $article->getId());
Each of the path elements are checked. If a permission has been
defined at level 1, we have
- container_type: news_category
- container_id: 1
- resource_type: news_article
> An alternative approach might allow users to define their own security
> "roles", where a role protects some set of functionality, either
> arbitrary page resources or actual URLs. Protecting URLs can be
> enforced by the plugin. Protecting resources is something that
> requires some user code, in this case, resources can be as fine or
> course grained as the user wants. I have no idea if sfGuard already
> allows something like this... I couldn't tell from it's README, so let
> me give an example of what I mean.
I don't think using urls as resources identifiers would be a good idea.
--
Nicolas CHARLOT
http://www.isics.fr
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
-~----------~----~----~----~------~----~------~--~---
