I am in the process of using as an example to achieve something similar: http://stackoverflow.com/questions/3801973/php-symfony-provide-credentials-only-to-owner-of-object
Some of my modules have urls with 2 id's in the actions (eg, id and schedule_id) because in part I am creating a scheduling system and a schedule is related to an event .... so I've had to extend the ownership lookup to look at the id column the module name and the additional parameters to check that the ownership of all *_id keys in the url belong to the simple "frontend" user role. I have an admin role that can do anything -- and frontend users that should be able to edit their stuff -- various security.yml files would need to have more or less the following: [[[edit, owner], admin]] saying you have edit permissions and are owner, or you are simply admin. -david On Oct 21, 4:33 am, Tofuwarrior <p...@clearintent.co.uk> wrote: > Hi All, > > I want to implement 'ownership' of various models so that logged in > users only see the stuff they created. > > Does anyone know of a plugin? I was amazed I couldn't find one. > > It must be such a common requirement for users to only see their own > stuff and not that belonging to others. Have I missed something really > obvious. > > Could implement my own in which case a simple object/objecttype/owner > link table would seem to be in order? > > Anyone any thoughts or pointers. > > Thanks, > > TW -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
