I'm creating my own blog engine to learn Symfony, and I have a question :
I can add and edit users thanks to the sfGuardUser module, but how can I allow users to edit only their reccord ?
Users should have access to a page allowing them to edit their email, name, password, and Profile.
Any ideas ?
In the action where the profile is updated you retrieve the users object via the getId() method and apply the changes on the returning object.
$user = sfGuardUserPeer::retrieveByPK(
$this->getUser()->getGuardUser()->getId()
);
I found the following code, will try it tonight.
class sfGuardUserActions extends autoSfGuardUserActions {
public function executeEdit(sfWebRequest $request) {
$this->checkPerm($request);
parent::executeEdit($request);
}
public function checkPerm(sfWebRequest $request) {
$id = $request->getParameter('id');
$user = sfContext::getInstance()->getUser();
$user_id = $user->getGuardUser()->getId();
if ($id != $user_id && !($user->hasCredential('admin'))) {
$this->redirect('sfGuardAuth/secure');
}
} }