I'm implementing an authentication & authorization system. I do a permission check in beforeFilter of my AppController. If the logged-in user has permission to use the current controller & action, beforeFilter just returns. If the logged-in user does not have permission to use the current controller & action, beforeFilter uses $this->redirect() to send the user somewhere else.
The problem is that even if I redirect the user somewhere else in beforeFilter, the controller action still gets executed. This doesn't matter for actions like /users/edit/1 or /posts/index, but it is catastrophic for /users/delete/1 - so any user can delete any other user! I want to avoid explicitly calling a checkPermission() function at the beginning of every action in my app - that's just error-prone. Is there any way to make beforeFilter not continue execution of the controller action?
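The failure described in the post, as an added example that is not part of the original message and is not CakePHP code: a redirect issued from a before-filter only records a Location header, so the action still runs unless the dispatcher (or an explicit exit after the redirect) stops it. The Response class, both dispatch functions and the permission list are hypothetical stand-ins.

```php
<?php
// Hypothetical stand-in for a framework response object (not CakePHP's API).
class Response {
    public $location = null;
    // Setting a redirect only records a header; it does not stop execution.
    public function redirect($url) { $this->location = $url; }
}

class UsersController {
    public $response;
    public $deleted = [];
    private $allowedActions;

    public function __construct(array $allowedActions) {
        $this->response = new Response();
        $this->allowedActions = $allowedActions;
    }
    // Returns true only when the current user may run $action.
    public function beforeFilter($action) {
        if (!in_array($action, $this->allowedActions, true)) {
            $this->response->redirect('/users/login');
            return false;
        }
        return true;
    }
    public function delete($id) { $this->deleted[] = $id; }
}

// Behaviour from the post: the filter result is ignored, so the action runs
// even though a redirect was queued.
function dispatchIgnoringFilter(UsersController $c, $action, $id) {
    $c->beforeFilter($action);
    $c->$action($id);
}

// Deny by default: the action runs only if the filter returned strict true.
function dispatchEnforcingFilter(UsersController $c, $action, $id) {
    if ($c->beforeFilter($action) !== true) {
        return; // redirect is sent, action never executes
    }
    $c->$action($id);
}

// Constructed sample: a user who may only call "index" requests "delete".
$weak = new UsersController(['index']);
dispatchIgnoringFilter($weak, 'delete', 1);
$hard = new UsersController(['index']);
dispatchEnforcingFilter($hard, 'delete', 1);
printf("ignoring filter: redirect=%s deleted=%d\n", $weak->response->location, count($weak->deleted));
printf("enforcing filter: redirect=%s deleted=%d\n", $hard->response->location, count($hard->deleted));
```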
