JMSSecurityExtraBundle

Check ownership in REST method

Open nass600 opened this issue 12 years ago • 0 comments

Hi there.

I have a rest controller driven by FOSRestBundle where two methods live:

  • getUsers: /api/secured/users (retrieve all users in the system)
  • getUser: /api/secured/users/{id} (retrieve only the user with id = {id})

Both must be accessed by ROLE_ADMIN but, in addition, the method getUser must be accessed by the user information itself. This means, once the user has logged in via Wsse and having its id, I want to make a rest call to get the full information about it.

This check can be done inside the controller by getting the user from the generated token and comparing it to the id you pass in the method, but is there any other way to do such a check, for instance in config.yml? Or maybe any special ROLE_MYSELF out of the box?

Thank you

nass600 Jan 25 '13 10:01
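The in-controller check described in the issue (ROLE_ADMIN, or the caller's own id matching {id}), as an added example that is not part of the original issue and not code from JMSSecurityExtraBundle or FOSRestBundle. It is framework-free PHP; `Principal` and `canReadUser` are hypothetical names, and the sample callers are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the user object held by the security token.
final class Principal
{
    public ?int $id;      // null when the token carries no persisted user
    public array $roles;  // role names, e.g. ['ROLE_USER']

    public function __construct(?int $id, array $roles)
    {
        $this->id = $id;
        $this->roles = $roles;
    }
}

// Decide whether $caller may read /api/secured/users/{id}; $rawId is the raw route value.
function canReadUser(?Principal $caller, string $rawId): bool
{
    // Unauthenticated request, or a token without a user id: deny.
    if ($caller === null || $caller->id === null) {
        return false;
    }
    // ROLE_ADMIN may read any user.
    if (in_array('ROLE_ADMIN', $caller->roles, true)) {
        return true;
    }
    // The route value is client-supplied text. Accept canonical decimal only, so
    // "7abc", " 7", "07" or "7.0" never match user 7 through type juggling.
    if (preg_match('/^[1-9][0-9]*$/D', $rawId) !== 1) {
        return false;
    }
    // Compare as strings: no integer overflow and no loose ==.
    return (string) $caller->id === $rawId;
}

// Constructed sample callers and route values.
$admin = new Principal(1, ['ROLE_USER', 'ROLE_ADMIN']);
$alice = new Principal(7, ['ROLE_USER']);
$cases = [
    ['admin reads 7', $admin, '7'], ['alice reads 7', $alice, '7'],
    ['alice reads 8', $alice, '8'], ['alice reads 7abc', $alice, '7abc'],
    ['alice reads 07', $alice, '07'], ['anonymous reads 7', null, '7'],
];
foreach ($cases as [$label, $caller, $rawId]) {
    printf("%-18s %s\n", $label, canReadUser($caller, $rawId) ? 'allow' : 'deny');
}
```

In a controller, a `false` result maps to an access-denied (HTTP 403) response before any user data is loaded.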