Re: [symfony-users] generator.yml : disallow a field modification for a user that doesn't have a credential

Wed, 03 Feb 2010 23:43:26 -0800 

On 1 February 2010 17:00, l3ia-etu <emmanuel.tul...@gmail.com> wrote:

> hi everyone,
>
> i would like to customize an edit action: i would like to disallow the
> modification of a field from user that has not a credential:
>
> i can disallow the edition of a field for all users:
> config:
>  form:
>    display:
>      NONE:     [article_id]
>      Editable: [author, content, created_at]
>
>
> or disallow an action if the user doesn't have a credential:
>    config:
>      actions:
>        edit:   { credentials: [arti] }
>        delete: { credentials: [arti] }
>
> but how to mix these 2 constraints ? (disallow a field modification
> for a user that doesn't have a credential)
>
> thanks.
>
> --
>
>

Actually it is implemented in the generator.yml.
Also you don't have to do user checking in the form for field presentation
purposes. As said it's better to create as many sybclasses of the main form
as you need. One for different views of the model.

>From the book  Chapter 14: Admin
Generator                                              269
         Restricting User Actions Using Credentials
        For a given administration module, the available fields and
interactions can vary according to
        the credentials of the logged user (refer to Chapter 6 for a
description of symfony’s security
        features).
        The fields in the generator can take a credentials parameter into
account so as to appear
        only to users who have the proper credential. This works for the
list entry. Additionally, the
        generator can also hide interactions according to credentials.
Listing 14-37 demonstrates
        these features.
Listing 14-37 - Using Credentials in generator.yml
config:
# The id column is displayed only for users with the admin credential
  list:
  title:             List of Articles
  display:             [id, =title, content, nb_comments]
    fields:
      id:               { credentials: [admin] }
  # The addcomment interaction is restricted to the users with the admin
credential
  actions:
     addcomment: { credentials: [admin] }

-- 
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-us...@googlegroups.com.
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en.

Reply via email to