would it be bad form to mix ACL with a specific access check - to go back to the blog example, which I know is a bit too simple to be appropriate, but - would it be wrong to set say all children of the 'members' ARO group had 'read' access to the blogs ACO group, adn then check if the logged in user matched the blog post author ID, or is it better practice to add an ACO for the blog post and match it to the author's ARO with READ/WRITE/UPDATE/DELETE access
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~----------~----~----~----~------~----~------~--~---
