I looked into the ACL classes but I'm not sure if I should use them. The additional 3 DB queries might be a slowdown, and I don't need rights/group inheritance right now.
I'm thinking of using the following setup instead, and maybe someone can give me feedback or a hint if this is OK.

- each table has an extra field named user_id
- after the login the user ID is saved in the session
- the app_controller checks for the session hash (like in the tutorial)
- app_controller has an extra function which returns the user_id from the session, so it is available in each class ( function userId() )
- the edit pages have a hidden field which is populated with the current user ID and so saved with the record.
- when reading records I'm using findAll with a condition:

    $this->Customer->findAll('Customer.user_id ='.$this->userId(),null,'last_name ASC')

I'm not sure if using the user ID is safe enough. Could it be possible that someone changes the cookie value to another user ID? Or does the session somehow provide security to this?

Another approach could be the generation of a persistent hash for each user, saved in the user table.

What could a before filter in each controller look like, so the check for the right records would not have to be in each CRUD function?

Thanks for ideas and input.

george
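
The setup described in the post, as an added example that is not part of the original message: a framework-free PHP sketch (PDO with in-memory SQLite, not CakePHP API; the table, column and function names are assumptions) in which the owner ID is taken from the server-side session on every save, read and update, so a changed hidden user_id field has no effect.

```php
<?php
// Added example, not CakePHP API: table, column and function names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, last_name TEXT NOT NULL)');

// The owner id comes only from server-side session state set at login.
function currentUserId(array $session): int
{
    if (!isset($session['user_id'])) {
        throw new RuntimeException('not logged in');
    }
    return (int) $session['user_id'];
}

// Save: any user_id posted by the form is ignored and replaced by the session value.
function saveCustomer(PDO $db, array $session, array $form): int
{
    $stmt = $db->prepare('INSERT INTO customers (user_id, last_name) VALUES (?, ?)');
    $stmt->execute([currentUserId($session), (string) $form['last_name']]);
    return (int) $db->lastInsertId();
}

// Read: the ownership condition is part of every query and bound as a parameter.
function findCustomers(PDO $db, array $session): array
{
    $stmt = $db->prepare('SELECT id, last_name FROM customers WHERE user_id = ? ORDER BY last_name ASC');
    $stmt->execute([currentUserId($session)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Update: a record id that belongs to another user matches zero rows.
function renameCustomer(PDO $db, array $session, int $id, string $lastName): bool
{
    $stmt = $db->prepare('UPDATE customers SET last_name = ? WHERE id = ? AND user_id = ?');
    $stmt->execute([$lastName, $id, currentUserId($session)]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data: two sessions; the first form carries a tampered hidden field.
$alice = ['user_id' => 1];
$bob   = ['user_id' => 2];
$id = saveCustomer($db, $alice, ['last_name' => 'Meyer', 'user_id' => 2]);
saveCustomer($db, $bob, ['last_name' => 'Adams']);

var_dump(count(findCustomers($db, $alice)));         // rows owned by session user 1
var_dump(renameCustomer($db, $bob, $id, 'Changed')); // other user's record id
var_dump(renameCustomer($db, $alice, $id, 'Meier')); // owner's own record id
```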