I just thought that the route object will do the query itself (and when I call the getObject in the action I will get some cache object from the route) to check that the object exists. As you can see, my model (aware of the context, I don't like it very much, but that's not the point) will not return the object based on who is asking.

I'm seeing two problems with the route waiting for the user to call the getObject and then, if nothing is returned, executing the forward404.

1) The user may not call the getObject (assuming the route did) and then the page will render even if the user was not supposed to see that page.

2) The user may call the getObject at a later stage in the action and all previous commands will be executed assuming that the user had the right to see that page.

One possible scenario is when I only need the id in the action (i.e., to add it to some favorites); I got it via the getParam method.

It just seems to be semantically incorrect to delegate some functionality to the route and wait for that behavior to occur at the action.

I hope I make sense.

Thanks.

Pablo

On 5/3/09, Jonathan Wage <[email protected]> wrote:
> Hm. Well, how could that be possible? You have to execute some kind of query
> to the database to determine if the user has the ability to view that record
> or not.
>
> - Jon
>
> On Sat, May 2, 2009 at 5:10 AM, Gandalf <[email protected]> wrote:
>
>> Hello there!
>>
>> I added a constraint at the model to limit the current user to read
>> only messages addressed to him.
>>
>> The problem is that the route model only executes the query after I
>> called the getObject method in the action.
>>
>> I would like to ban the user to the 404 page without calling the
>> getObject method in the action, the same behavior that one gets if I
>> send a char instead of an integer.
>>
>> Feature or bug?
>>
>> I did this:
>>
>> routing.yml
>>
>> message:
>>   url: /message/:id
>>   class: sfDoctrineRoute
>>   options:
>>     model: Message
>>     type: object
>>     method_for_query: getMessageToCurrentUser
>>   param: { module: messages, action: view }
>>   requirements:
>>     id: \d+
>>     sf_method: [GET]
>>
>> and the model:
>>
>> public function getMessageToCurrentUser(Doctrine_Query $q) {
>>     $alias = $q->getRootAlias();
>>
>>     $q->andWhere($alias . '.to_id = ?',
>>         sfContext::getInstance()->getUser()->getGuardUser()->id);
>>     return $q->fetchOne();
>> }
>
> --
> Jonathan H. Wage
> Open Source Software Developer & Evangelist
> sensiolabs.com | jwage.com | doctrine-project.org | symfony-project.org
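
The concern raised in this thread, sketched as an added example that is not code from the thread or from symfony: `LazyRoute`, `addFavorite` and `guarded` are hypothetical stand-ins, and the message table is constructed data. It shows an action that only reads the id skipping the ownership check, and the same action behind a guard that resolves the object before any action code runs.

```php
<?php
// Constructed sample data: message id => recipient user id.
const MESSAGES = [1 => 10, 2 => 20];

class NotFound extends Exception {}

// Hypothetical stand-in for an object route: the ownership query runs only in getObject().
class LazyRoute
{
    private $params, $userId;

    public function __construct(array $params, int $userId)
    {
        $this->params = $params;
        $this->userId = $userId;
    }

    public function getParam(string $name) { return $this->params[$name]; }

    public function getObject(): array
    {
        $id = $this->params['id'];
        $owner = array_key_exists($id, MESSAGES) ? MESSAGES[$id] : null;
        if ($owner !== $this->userId) {
            throw new NotFound("no message $id for user {$this->userId}");
        }
        return ['id' => $id, 'to_id' => $owner];
    }
}

// Action that only needs the id (the "favorites" case): getObject() is never called.
function addFavorite(LazyRoute $route, array &$favorites): void
{
    $favorites[] = $route->getParam('id');
}

// Guard: resolve the object first, so a miss becomes a 404 before any side effect.
function guarded(callable $action, LazyRoute $route, array &$favorites): string
{
    try {
        $route->getObject();
        $action($route, $favorites);
        return '200';
    } catch (NotFound $e) {
        return '404';
    }
}

$route = new LazyRoute(['id' => 2], 10); // user 10 asks for message 2, addressed to user 20
$direct = []; addFavorite($route, $direct);
$checked = []; $status = guarded('addFavorite', $route, $checked);
printf("unguarded favorites=%s\n", json_encode($direct));
printf("guarded status=%s favorites=%s\n", $status, json_encode($checked));
```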
