Hey there,

I know that sounds like a good idea, but it really isn't.
The right place to control access to form fields is in the form class
itself, because think about it, the same form that your admin
generator uses can be used / embedded elsewhere too, so your
credentials restriction wouldn't apply there and you'd have a
potential security risk. So, the way to do this is to inject the
current user into the form. The generator gives you an easy way to do
so in the GeneratorConfiguration class. Just override the
getFormOptions() method and add the current user to the options.

Inside the form you can then configure accordingly:

if(($user = $this -> getOption("user")) && $user instanceof sfUser)
{
  if($user -> hasCredential("xyz"))
  {
    //add credential fields & validators here
  }
}

Makes sense?
Daniel


On Feb 1, 9:00 am, l3ia-etu <emmanuel.tul...@gmail.com> wrote:
> hi everyone,
>
> i would like to customize an edit action: i would like to disallow the
> modification of a field from user that has not a credential:
>
> i can disallow the edition of a field for all users:
> config:
>   form:
>     display:
>       NONE:     [article_id]
>       Editable: [author, content, created_at]
>
> or disallow an action if the user doesn't have a credential:
>     config:
>       actions:
>         edit:   { credentials: [arti] }
>         delete: { credentials: [arti] }
>
> but how to mix these 2 constraints ? (disallow a field modification
> for a user that doesn't have a credential)
>
> thanks.
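
The approach from the reply, written out for symfony 1.x as an added example (not code from the thread or from the symfony project). The module name "article", the form class ArticleForm, and the choice of "author" as the restricted field are assumptions; the "arti" credential is taken from the question's generator.yml.

```php
<?php
// apps/backend/modules/article/lib/articleGeneratorConfiguration.class.php
// (application and module names are assumptions for this example)
class articleGeneratorConfiguration extends BaseArticleGeneratorConfiguration
{
  // Pass the current user to every form the admin generator instantiates.
  public function getFormOptions()
  {
    return array_merge(parent::getFormOptions(), array(
      'user' => sfContext::getInstance()->getUser(),
    ));
  }
}

// lib/form/doctrine/ArticleForm.class.php (form class name is an assumption)
class ArticleForm extends BaseArticleForm
{
  // Fields that may only be edited with the "arti" credential (assumed mapping).
  protected $restrictedFields = array('author');

  public function configure()
  {
    $user = $this->getOption('user');

    // Keep the restricted fields only for a user that holds the credential.
    if ($user instanceof sfBasicSecurityUser && $user->hasCredential('arti'))
    {
      return;
    }

    // Fail closed: when the form is built without a user option (for example
    // embedded elsewhere) or the credential is missing, remove the fields.
    foreach ($this->restrictedFields as $field)
    {
      // unset() drops both the widget and the validator, so a value posted
      // for the field by hand is not accepted either.
      unset($this[$field]);
    }
  }
}
```

Because the restriction lives in the form, it also applies wherever the same form is reused outside the admin module.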
