-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In an application not at all like a blog, I do both, as (to keep with your blog example) not all of my user's are allowed to modify their own blog posts, but I still need to determine whether a blog post belongs to the current user in order to facilitate UI changes.
[EMAIL PROTECTED] wrote: > would it be bad form to mix ACL with a specific access check - to go > back to the blog example, which I know is a bit too simple to be > appropriate, but - would it be wrong to set say all children of the > 'members' ARO group had 'read' access to the blogs ACO group, adn then > check if the logged in user matched the blog post author ID, or is it > better practice to add an ACO for the blog post and match it to the > author's ARO with READ/WRITE/UPDATE/DELETE access > > > > - -- Darian Anthony Patrick <[EMAIL PROTECTED]> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEPXkJKpzEXPWA4IcRAllJAJ4rGrRvHp3MsqerSmqUyq78WHlx3gCeK6mU +1JInGRPqgF5l1e5x7Mnq1g= =3Qzo -----END PGP SIGNATURE----- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~----------~----~----~----~------~----~------~--~---
