docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago verified publisher icon api-platform

Update security.md

Open RobQuistNL opened this issue 2 years ago • 2 comments

Turns out you can!

~Edit: also turns out the documentation code is broken!~ Edit edit: Turns out I was wrong about it being broken - I had security: 'is_granted("BOOK_CREATE", object)' instead of securityPostDenormalize: 'is_granted("BOOK_CREATE", object)' in my code. :facepalm:

RobQuistNL avatar May 03 '23 13:05 RobQuistNL

Both examples aren't achieving the same thing. You're allowing the current user to list all entries, even if belonging to another user. Filters allow to filter the collection content to retrieve only entries owned by an user.

dunglas avatar May 03 '23 20:05 dunglas

With filters you mean extensions, right? I'll edit the docs to redirect people looking for this stuff to the extensions.

The LIST example is indeed purely just the action of listing. But I now understand that its fine to allow someone to always list, we can then use those extensions to "filter" out any records.

I'll edit the docs accordingly!

RobQuistNL avatar May 04 '23 00:05 RobQuistNL