Thanks for the suggestion Gustavo, but this seems like way too much complication for what seems like a pretty simple job; involving DNS into this potentially adds another whole area for complications and issues.
Can anyone shed some light?

Cheers

On Aug 9, 2:36 pm, Gustavo Adrian <[email protected]> wrote:
> Maybe adding the username to a subdomain, like "username.myDomain.com" and
> create a new routing class that takes that username into account to filter
> items by user?
>
> On the "More with Symfony" book is a great example of this approach:
>
> http://www.symfony-project.org/more-with-symfony/1_4/en/02-Advanced-R...
>
> Hope that helps
>
> On Mon, Aug 9, 2010 at 12:35 AM, bretth <[email protected]> wrote:
> > Hi,
> >
> > I want to give my users the ability to easily add, edit and delete
> > "images" which are associated with their account. In the backend I
> > just have a standard admin generator module for this that allows
> > editing all the images on the site, but I want to give the users a
> > front end version for their own use, where they can only edit their
> > own images.
> >
> > I have created the front end admin module; currently all images on the
> > site get shown, but I want to limit the images that get displayed to
> > just that user (ie so they don't see anything but their own images)
> >
> > I also need to ensure that they can't trick the website by playing
> > with the xhtml, URL or http requests to modify images that don't
> > belong to them.
> >
> > I know that I can modify the buildQuery() method in the imageActions
> > class; but that doesn't seem very elegant. I also see the
> > admin.build_query event which I know I could listen to; but again; not
> > ideal (in my opinion)
> >
> > I would prefer to create a filter that ensures that they are only ever
> > shown images that match their id (the site is secured with
> > sfDoctrineGuardPlugin).
> >
> > But I have no idea how to approach this; I've never worked with
> > filters before and the documentation that I've read seems more about
> > just modifying the display of filters.
> >
> > Do I create a new filter object and then tell the generator.yml to use
> > that filter instead of the default? Can you point me to any docs on
> > this?
> >
> > Also, the other question I have:
> >
> > is how are users prevented from editing other people's images; ie
> > what's stopping someone from seeing
> >
> > /image/7/edit
> >
> > which belongs to their account, and then guessing
> >
> > /image/9/edit
> >
> > which belongs to someone else. How can I easily ensure that they're
> > not adding, updating or deleting images that don't belong to them?
> >
> > Thanks a lot :)
> >
> > Brett
> >
> > --
> > If you want to report a vulnerability issue on symfony, please send it to
> > security at symfony-project.com
> >
> > You received this message because you are subscribed to the Google
> > Groups "symfony users" group.
> > To post to this group, send email to [email protected]
> > To unsubscribe from this group, send email to
> > [email protected]<symfony-users%[email protected]>
> > For more options, visit this group at
> > http://groups.google.com/group/symfony-users?hl=en
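
The two checks the original post asks about (listing only the logged-in user's images, and making /image/9/edit fail for a user who owns only image 7), as an added plain-PHP example that is not from the thread and does not use symfony or sfDoctrineGuardPlugin code. The in-memory $images array, the function names and the user ids are constructed for illustration; in the thread's setup the session user id would come from the authenticated user, never from the request.

```php
<?php
// Constructed sample data: image id => owning user id and file name.
$images = [
    7 => ['user_id' => 1, 'file' => 'cat.png'],
    8 => ['user_id' => 1, 'file' => 'dog.png'],
    9 => ['user_id' => 2, 'file' => 'boat.png'],
];

// List view: the owner filter is taken from the session, not from a
// request parameter or a user-editable filter form.
function listImages(array $images, int $sessionUserId): array
{
    return array_filter($images, fn($img) => $img['user_id'] === $sessionUserId);
}

// Edit/update/delete: look the image up by id AND owner together. A miss is
// the same "not found" whether the id is absent or belongs to someone else,
// so guessing ids does not reveal which ones exist.
function findOwnedImage(array $images, int $sessionUserId, int $imageId): ?array
{
    $img = $images[$imageId] ?? null;
    return ($img !== null && $img['user_id'] === $sessionUserId) ? $img : null;
}

// Update: re-check ownership on the write itself, and never read an owner
// id from the submitted form, so a tampered field cannot reassign an image.
function updateImage(array &$images, int $sessionUserId, int $imageId, array $post): int
{
    if (findOwnedImage($images, $sessionUserId, $imageId) === null) {
        return 404;
    }
    $images[$imageId]['file'] = (string) ($post['file'] ?? $images[$imageId]['file']);
    return 200;
}

$me = 1; // hypothetical logged-in user
var_dump(array_keys(listImages($images, $me)));        // ids visible to user 1
var_dump(findOwnedImage($images, $me, 7) !== null);    // own image: allowed
var_dump(findOwnedImage($images, $me, 9));             // guessed id: not found
var_dump(updateImage($images, $me, 9, ['file' => 'x.png']));
var_dump(updateImage($images, $me, 8, ['file' => 'new.png', 'user_id' => 2]));
var_dump($images[8]);                                  // still owned by user 1
```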
