On 6 Jun, 16:14, Alvaro Garcia <maxpo...@gmail.com> wrote:
> In my doctrine class (lib/model/doctrine/XXX.class.php) I have overwritten
> the constructor.
> The reason is I need to validate that a user can load this object
> (photograph in my case).
> Then, when I load a collection of photographs ($photoAlbum->getPhotos()) the
> constructor checks the permissions.
>
> To do it I need the doctrine class to access the sfGuardUser.
> Is there any possibility for this class to access the user without being
> passed as a parameter?
That's a bad idea. You should perform such a control in your controller, not in the model. The object should know anything about the current user. I suggest you write a method like this one in your model class:

    // True when $user is the owner of this record.
    public function checkUser(sfGuardUser $user)
    {
        return $this->getUser()->getId() == $user->getId();
    }

and then in your action

    public function executeFoo(sfWebRequest $request)
    {
        $this->object = $this->getRoute()->getObject();
        // Forward to the configured secure module/action unless the check passes.
        $this->forwardUnless(
            $this->object->checkUser($this->getUser()->getGuardUser()),
            sfConfig::get('sf_secure_module'),
            sfConfig::get('sf_secure_action')
        );
    }

cheers
Massimiliano
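The same ownership check applied to a collection such as the one returned by $photoAlbum->getPhotos(), as an added example that is not part of the original thread. DemoUser and DemoPhoto are hypothetical stand-ins for sfGuardUser and the Doctrine record, photosVisibleTo() is an assumed helper name, and PHP 8 is assumed for the constructor syntax.

```php
<?php
// Stand-ins (assumptions) for sfGuardUser and a Doctrine Photo record,
// so the example runs without symfony.
final class DemoUser
{
    public function __construct(private int $id) {}
    public function getId(): int { return $this->id; }
}

final class DemoPhoto
{
    public function __construct(private string $title, private DemoUser $owner) {}
    public function getTitle(): string { return $this->title; }
    public function getUser(): DemoUser { return $this->owner; }

    // Same shape as checkUser() in the reply: the caller supplies the user,
    // the model never looks up the session itself.
    public function checkUser(DemoUser $user): bool
    {
        return $this->getUser()->getId() === $user->getId();
    }
}

/**
 * Controller-side filter for a collection: keep only the photos for which
 * the current user passes checkUser(). A null user (not signed in) gets nothing.
 */
function photosVisibleTo(iterable $photos, ?DemoUser $current): array
{
    if ($current === null) {
        return []; // deny by default
    }
    $visible = [];
    foreach ($photos as $photo) {
        if ($photo->checkUser($current)) {
            $visible[] = $photo;
        }
    }
    return $visible;
}

// Constructed sample data.
$alice = new DemoUser(1);
$bob   = new DemoUser(2);
$album = [new DemoPhoto('beach', $alice), new DemoPhoto('party', $bob), new DemoPhoto('dog', $alice)];

foreach (photosVisibleTo($album, $alice) as $photo) {
    echo $photo->getTitle(), PHP_EOL;
}
echo count(photosVisibleTo($album, null)), PHP_EOL;
```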