You'd need to use a custom model method to retrieve the object of the user. The route would simply pass the request parameter with the user id (or username) that comes from the URL. Of course, you can create a normal route with a parameter like /:user_id but the idea of using a subdomain per user is nice, and it doesn't require too much code to make it work.
Anyway, with both choices you can get the same result: get the user from the URL and use it on a custom finder method. You can configure your route to use your method. This way allows you to get always the objects of the user present on the URL, and nothing else. Cheers. On Mon, Aug 9, 2010 at 8:17 PM, bretth <[email protected]> wrote: > Yep, I get the wild card thing; just figured its another whole layer > of stuff that I'd prefer not to include. > > But what I don't get; is that at some point doing it that way; you > still have to filter out the listing of records to just the ones that > have image.user_id = ?. In your idea, where would that be done? > > thanks for the help! > > On Aug 9, 10:39 pm, Gustavo Adrian <[email protected]> > wrote: > > It depends on the options of your hosting I guess. If you have a panel > like > > cPanel (even with a shared hosting), you can set a new subdomain with a > > wildcard "*" to point directly to your root public folder, and that's it. > If > > it's still a problem, you could directly create a url pattern adding the > > username to it (www.myDomain.com/username/mySection) and make it look > for > > items just for that user. > > > > Any of those ideas would be my choice. Anything else I think it would be > not > > as elegant as I wish. > > > > Cheers. > > > > On Mon, Aug 9, 2010 at 8:53 AM, bretth <[email protected]> wrote: > > > Thanks for the suggestion Gustavo, but this seems like way too much > > > complication for what seems like a pretty simple job; involving DNS > > > into this potentially adds another whole area for complications and > > > issues. > > > > > can anyone shed some light? > > > > > cheers > > > > > On Aug 9, 2:36 pm, Gustavo Adrian <[email protected]> wrote: > > > > Maybe adding the username to a subdomain, like " > username.myDomain.com" > > > and > > > > create a new routing class that takes that username into account to > > > filter > > > > items by user? > > > > > > On the "More with Symfony" book is a great example of this approach: > > > > > > > http://www.symfony-project.org/more-with-symfony/1_4/en/02-Advanced-R... > > > > > > Hope that helps > > > > > > On Mon, Aug 9, 2010 at 12:35 AM, bretth <[email protected]> wrote: > > > > > Hi, > > > > > > > I want to give my users the ability to easily add edit and delete > > > > > "images" which are associated with their account. In the backend I > > > > > just have a standard admin generator module for this that allows > > > > > editing all the images on the site, but I want to give the users a > > > > > front end version for their own use, where they can only edit their > > > > > own images. > > > > > > > I have created the front end admin module; currently all images on > the > > > > > site get shown, but I want to limit the images that get displayed > to > > > > > just that user (ie so they dont see anything but their own images) > > > > > > > I also need to ensure that they can't trick the website by playing > > > > > with the xhtml, URL or http requests to modify images that don't > > > > > belong to them. > > > > > > > I know that I can modify the buildQuery() method in the > imageActions > > > > > class; but that doesn't seem very elegant. I also see the > > > > > admin.build_query event which i know I could listen to; but again; > not > > > > > ideal (in my opinion) > > > > > > > I would prefer to create a filter that ensures that they are only > ever > > > > > shown images that match their id (the site is secured with > > > > > sfDoctrineGuardPlugin). > > > > > > > But I have no idea how to approach this; I've never worked with > > > > > filters before and the documentation that I've read seems more > about > > > > > just modifying the display of filters. > > > > > > > Do I create a new filter object and then tell the generator.yml to > use > > > > > that filter instead of the default? Can you point me to any docs on > > > > > this? > > > > > > > Also, the other question I have: > > > > > > > is how are users prevented from editing other peoples images; ie > > > > > what's stopping someone from seeing > > > > > > > /image/7/edit > > > > > > > which belongs to their account, and then guessing > > > > > > > /image/9/edit > > > > > > > which belongs to someone else. How can I easily ensure that they're > > > > > not adding, updating or deleting images that don't belong to them? > > > > > > > Thanks a lot :) > > > > > > > Brett > > > > > > > -- > > > > > If you want to report a vulnerability issue on symfony, please send > it > > > to > > > > > security at symfony-project.com > > > > > > > You received this message because you are subscribed to the Google > > > > > Groups "symfony users" group. > > > > > To post to this group, send email to > [email protected] > > > > > To unsubscribe from this group, send email to > > > > > [email protected]<symfony-users%[email protected]> > <symfony-users%[email protected]<symfony-users%[email protected]> > > > > > <symfony-users%[email protected]<symfony-users%[email protected]> > <symfony-users%[email protected]<symfony-users%[email protected]> > > > > > > > > > For more options, visit this group at > > > > >http://groups.google.com/group/symfony-users?hl=en > > > > > -- > > > If you want to report a vulnerability issue on symfony, please send it > to > > > security at symfony-project.com > > > > > You received this message because you are subscribed to the Google > > > Groups "symfony users" group. > > > To post to this group, send email to [email protected] > > > To unsubscribe from this group, send email to > > > [email protected]<symfony-users%[email protected]> > <symfony-users%[email protected]<symfony-users%[email protected]> > > > > > For more options, visit this group at > > >http://groups.google.com/group/symfony-users?hl=en > > -- > If you want to report a vulnerability issue on symfony, please send it to > security at symfony-project.com > > You received this message because you are subscribed to the Google > Groups "symfony users" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected]<symfony-users%[email protected]> > For more options, visit this group at > http://groups.google.com/group/symfony-users?hl=en > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
