Yep, I get the wild card thing; just figured its another whole layer of stuff that I'd prefer not to include.
But what I don't get; is that at some point doing it that way; you still have to filter out the listing of records to just the ones that have image.user_id = ?. In your idea, where would that be done? thanks for the help! On Aug 9, 10:39 pm, Gustavo Adrian <[email protected]> wrote: > It depends on the options of your hosting I guess. If you have a panel like > cPanel (even with a shared hosting), you can set a new subdomain with a > wildcard "*" to point directly to your root public folder, and that's it. If > it's still a problem, you could directly create a url pattern adding the > username to it (www.myDomain.com/username/mySection) and make it look for > items just for that user. > > Any of those ideas would be my choice. Anything else I think it would be not > as elegant as I wish. > > Cheers. > > On Mon, Aug 9, 2010 at 8:53 AM, bretth <[email protected]> wrote: > > Thanks for the suggestion Gustavo, but this seems like way too much > > complication for what seems like a pretty simple job; involving DNS > > into this potentially adds another whole area for complications and > > issues. > > > can anyone shed some light? > > > cheers > > > On Aug 9, 2:36 pm, Gustavo Adrian <[email protected]> wrote: > > > Maybe adding the username to a subdomain, like "username.myDomain.com" > > and > > > create a new routing class that takes that username into account to > > filter > > > items by user? > > > > On the "More with Symfony" book is a great example of this approach: > > > >http://www.symfony-project.org/more-with-symfony/1_4/en/02-Advanced-R... > > > > Hope that helps > > > > On Mon, Aug 9, 2010 at 12:35 AM, bretth <[email protected]> wrote: > > > > Hi, > > > > > I want to give my users the ability to easily add edit and delete > > > > "images" which are associated with their account. In the backend I > > > > just have a standard admin generator module for this that allows > > > > editing all the images on the site, but I want to give the users a > > > > front end version for their own use, where they can only edit their > > > > own images. > > > > > I have created the front end admin module; currently all images on the > > > > site get shown, but I want to limit the images that get displayed to > > > > just that user (ie so they dont see anything but their own images) > > > > > I also need to ensure that they can't trick the website by playing > > > > with the xhtml, URL or http requests to modify images that don't > > > > belong to them. > > > > > I know that I can modify the buildQuery() method in the imageActions > > > > class; but that doesn't seem very elegant. I also see the > > > > admin.build_query event which i know I could listen to; but again; not > > > > ideal (in my opinion) > > > > > I would prefer to create a filter that ensures that they are only ever > > > > shown images that match their id (the site is secured with > > > > sfDoctrineGuardPlugin). > > > > > But I have no idea how to approach this; I've never worked with > > > > filters before and the documentation that I've read seems more about > > > > just modifying the display of filters. > > > > > Do I create a new filter object and then tell the generator.yml to use > > > > that filter instead of the default? Can you point me to any docs on > > > > this? > > > > > Also, the other question I have: > > > > > is how are users prevented from editing other peoples images; ie > > > > what's stopping someone from seeing > > > > > /image/7/edit > > > > > which belongs to their account, and then guessing > > > > > /image/9/edit > > > > > which belongs to someone else. How can I easily ensure that they're > > > > not adding, updating or deleting images that don't belong to them? > > > > > Thanks a lot :) > > > > > Brett > > > > > -- > > > > If you want to report a vulnerability issue on symfony, please send it > > to > > > > security at symfony-project.com > > > > > You received this message because you are subscribed to the Google > > > > Groups "symfony users" group. > > > > To post to this group, send email to [email protected] > > > > To unsubscribe from this group, send email to > > > > [email protected]<symfony-users%[email protected]> > > <symfony-users%[email protected]<symfony-users%[email protected]> > > > > > For more options, visit this group at > > > >http://groups.google.com/group/symfony-users?hl=en > > > -- > > If you want to report a vulnerability issue on symfony, please send it to > > security at symfony-project.com > > > You received this message because you are subscribed to the Google > > Groups "symfony users" group. > > To post to this group, send email to [email protected] > > To unsubscribe from this group, send email to > > [email protected]<symfony-users%[email protected]> > > For more options, visit this group at > >http://groups.google.com/group/symfony-users?hl=en -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
