Hi Guys
I like RBAC implementation of Agavi, but I'm still confused how to add
credential for some resource to a specified user?
For example I've got 'Messages' module with all CRUD capabilities.
It is easy to allow ordinary user to read messages and create them - with
restriction to deleteting and editing (only moderators and administators can
do that).
What then if I want to be more precise, and want to allow user to update
only his/her own messages?
Where to put logic of that? It seems that it is not built-in in any way.
AgaviAction::getCredentials() does not feet-in... or maybe? I remember that
in sample application in rbac_definitions.xml there is definition like:
<role name="photographer">
<permissions>
<permission>photos.edit-own</permission>
<!-- etc. -->
</permissions>
</role>
But its not implemented.
I already asked the main question - where to put logic of that? In action,
filter? Hmmm?
Cheers, Alan
P.S. Thanks in advance for any response
_______________________________________________
users mailing list
[email protected]
http://lists.agavi.org/mailman/listinfo/users
