I think he means not making a template but messing around with the
generator yaml.
On Feb 1, 10:50 am, Richtermeister <nex...@gmail.com> wrote:
> Hey there,
>
> I know that sounds like a good idea, but it really isn't.
> The right place to control access to form fields is in the form class
> itself, because think about it, the same form that your admin
> generator uses can be used / embedded elsewhere too, so your
> credentials restriction wouldn't apply there and you'd have a
> potential security risk. So, the way to do this is to inject the
> current user into the form. The generator gives your an easy way to do
> so in the GeneratorConfiguration class. Just override the
> getFormOptions() method and add the current user to the options.
>
> Inside the form you can then configure accordingly:
>
> if(($user = $this -> getOption("user")) && $user instanceof sfUser)
> {
> if($user -> hasCredentials("xyz")
> {
> //add credential fields & validators here
> }
>
> }
>
> Makes sense?
> Daniel
>
> On Feb 1, 9:00 am, l3ia-etu <emmanuel.tul...@gmail.com> wrote:
>
> > hi everyone,
>
> > i would like to customize an edit action: i would like to disallow the
> > modification of a field from user that has not a credential:
>
> > i can disallow the edition of a field for all users:
> > config:
> > form:
> > display:
> > NONE: [article_id]
> > Editable: [author, content, created_at]
>
> > or disallow an action if the user doesn't have a credential:
> > config:
> > actions:
> > edit: { credentials: [arti] }
> > delete: { credentials: [arti] }
>
> > but how to mix these 2 constraints ? (disallow a field modification
> > for a user that doesn't have a credential)
>
> > thanks.
--
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to symfony-us...@googlegroups.com.
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en.
