Secure the removal of an entity with Symfony 2
I'm new to Symfony, and in order to apply what I learned with this
framework, I wanted to build a complete app. I have a Message entity, and
I would like to secure the removal of this entity. Only the user who
created the message and the moderators can remove it. How can I secure the
removal? I mean, in my code I've already written something like
if ($message->user == $this->user || $this->user->isGranted('ROLE_MODO')),
but how can I prevent a CSRF attack?
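
The two checks the question asks about, combined in one delete handler. This is an added example in plain PHP 7, not code from the original post and not Symfony's own API; the function names, the `_token` field, the array shapes and the `delete_message_<id>` intention string are all assumptions made for illustration.

```php
<?php
// Added example: plain PHP, all names hypothetical (not Symfony's API).

// Derive a token bound to the session secret and to one specific action,
// so a token issued for deleting message 42 cannot be replayed for message 43.
function csrfToken(string $sessionSecret, string $intention): string
{
    return hash_hmac('sha256', $intention, $sessionSecret);
}

function isCsrfTokenValid(string $sessionSecret, string $intention, $submitted): bool
{
    // hash_equals() compares in constant time; reject missing or non-string input.
    return is_string($submitted)
        && hash_equals(csrfToken($sessionSecret, $intention), $submitted);
}

// Authorization rule from the question: the author or a moderator.
function canDelete(array $message, array $user): bool
{
    return $message['author_id'] === $user['id']
        || in_array('ROLE_MODO', $user['roles'], true);
}

// Returns the HTTP status the delete action would answer with.
function handleDelete(string $method, array $post, array $message, array $user, string $secret): int
{
    if ($method !== 'POST') {
        return 405; // never change state on GET
    }
    if (!isCsrfTokenValid($secret, 'delete_message_' . $message['id'], $post['_token'] ?? null)) {
        return 403; // forged or stale request
    }
    if (!canDelete($message, $user)) {
        return 403; // authenticated, but not allowed to remove this message
    }
    // ... remove the entity here ...
    return 204;
}

// Constructed sample data.
$secret  = bin2hex(random_bytes(32)); // generated once, stored in the user's session
$message = ['id' => 42, 'author_id' => 7];
$author  = ['id' => 7, 'roles' => ['ROLE_USER']];
$good    = ['_token' => csrfToken($secret, 'delete_message_42')];

var_dump(handleDelete('POST', $good, $message, $author, $secret)); // author, valid token
var_dump(handleDelete('POST', [], $message, $author, $secret));    // token missing
var_dump(handleDelete('GET', $good, $message, $author, $secret));  // wrong method
var_dump(handleDelete('POST', $good, $message, ['id' => 9, 'roles' => []], $secret)); // not the author
```

The token is rendered as a hidden field in the delete form, and the ownership check stays in place: the CSRF check only proves the request came from the site's own form, not that the user may delete the message.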