At the beginning of your action do a forward404Unless(current user is the owner).
On Mon, Feb 8, 2010 at 17:29, wueb <webmaster....@gmail.com> wrote:
> Hello buddies, need help!
>
> On my Edit/Show actions I use the route to get the object to Edit/Show.
>
> Edit:
> $this->form = new LeadsForm($this->getRoute()->getObject());
>
> Show:
> $this->leads = $this->getRoute()->getObject();
>
>
> All normal here and works fine, but I need something more secure.
>
> For example:
> I'm the owner of the fields on the table with ID=1 and ID=2; someone
> that is not the owner of those fields tries to "hack" my values, for that he
> goes to the URL and types: http://localhost/frontend_dev.php/leads/1
>
> He will be able to Edit/Show my values. How can I prevent this from
> happening?
>
> --
> You received this message because you are subscribed to the Google Groups
> "symfony users" group.
> To post to this group, send email to symfony-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> symfony-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/symfony-users?hl=en.
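
The ownership check suggested in the reply, written out as an added example that is not part of the original thread. It assumes a hypothetical `user_id` owner column on `Leads` (read with `getUserId()`), the logged-in user's id stored in a session attribute named `user_id`, and a hypothetical `executeUpdate` action as the form's submit target.

```php
<?php
// apps/frontend/modules/leads/actions/actions.class.php (symfony 1.x)
// Assumptions, not from the thread: Leads has an owner column user_id
// (getUserId()), and the logged-in user's id is stored in the session
// attribute 'user_id'. Adapt both to your schema and login code.
class leadsActions extends sfActions
{
  // Fetch the route's object and 404 unless the current user owns it.
  protected function getOwnedLead()
  {
    $lead   = $this->getRoute()->getObject();
    $user   = $this->getUser();
    $userId = $user->getAttribute('user_id'); // assumed session key

    $isOwner = $user->isAuthenticated()
      && null !== $userId
      && (int) $lead->getUserId() === (int) $userId;

    // A 404 (not a 403) also avoids confirming that the id exists.
    $this->forward404Unless($isOwner);

    return $lead;
  }

  // Form bound to an owned lead; the owner column is removed so that
  // a submitted value cannot reassign the record to another user.
  protected function getOwnedForm()
  {
    $form = new LeadsForm($this->getOwnedLead());
    unset($form['user_id']);

    return $form;
  }

  public function executeShow(sfWebRequest $request)
  {
    $this->leads = $this->getOwnedLead();
  }

  public function executeEdit(sfWebRequest $request)
  {
    $this->form = $this->getOwnedForm();
  }

  // The write path needs the same check as edit/show.
  public function executeUpdate(sfWebRequest $request)
  {
    $this->form = $this->getOwnedForm();
    $this->form->bind($request->getParameter($this->form->getName()));
    if ($this->form->isValid()) {
      $this->redirect('leads/edit?id='.$this->form->save()->getId());
    }
    $this->setTemplate('edit');
  }
}
```

Any list action needs the matching filter in its query (only rows whose owner is the current user), otherwise other users' ids are still enumerable from the index page.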