Are you returning false from beforeFilter?

On 8/8/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> I'm implementing an authentication & authorization system. I do a
> permission check in beforeFilter of my AppController. If the logged-in
> user has permission to use the current controller & action,
> beforeFilter just returns. If the logged-in user does not have
> permission to use the current controller & action, beforeFilter uses
> $this->redirect() to send the user somewhere else.
>
> The problem is that even if I redirect the user somewhere else in
> beforeFilter, the controller action still gets executed. This doesn't
> matter for actions like /users/edit/1 or /posts/index, but it is
> catastrophic for /users/delete/1 - so any user can delete any other
> user!
>
> I want to avoid explicitly calling a checkPermission() function at the
> beginning of every action in my app - that's just error-prone. Is
> there any way to make beforeFilter not continue execution of the
> controller action?
>
--
Armando Sosa
www.nolimit-studio.com

You received this message because you are subscribed to the Google Groups "Cake PHP" group.
For more options, visit this group at http://groups.google.com/group/cake-php
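
The failure described in the quoted message, as an added example that is not part of the original thread and is not CakePHP's dispatcher: a toy PHP model in which a before-filter redirects an unauthorized user, run once through a dispatcher that ignores the filter's result and once through one that stops when the filter returns false. All class names, function names and the permission rule are hypothetical.

```php
<?php
// Toy model of a controller dispatcher (hypothetical; not CakePHP's code).
class UsersController
{
    public $users = [1 => 'alice', 2 => 'bob'];  // constructed sample data
    public $redirectedTo = null;

    // Records the redirect only; like a Location header, it does not stop
    // the code that follows from running.
    public function redirect($url) { $this->redirectedTo = $url; }

    // Permission check (assumed rule: only user 1 may call delete).
    public function beforeFilter($userId, $action)
    {
        if ($action === 'delete' && $userId !== 1) {
            $this->redirect('/users/login');
            return false;
        }
        return true;
    }

    public function delete($id) { unset($this->users[$id]); }
}

// Before: the filter's result is ignored, so the action still runs.
function dispatchIgnoringFilter(UsersController $c, $userId, $action, $arg)
{
    $c->beforeFilter($userId, $action);
    $c->$action($arg);
    return $c;
}

// After: a false result ends the request before the action is called.
function dispatchCheckingFilter(UsersController $c, $userId, $action, $arg)
{
    if ($c->beforeFilter($userId, $action) === false) {
        return $c;
    }
    $c->$action($arg);
    return $c;
}

// User 2 (not permitted) requests delete of user 1 through each dispatcher.
foreach (['dispatchIgnoringFilter', 'dispatchCheckingFilter'] as $dispatch) {
    $c = $dispatch(new UsersController(), 2, 'delete', 1);
    printf("%s: redirect=%s remaining=%s\n", $dispatch, $c->redirectedTo, implode(',', $c->users));
}
```

In both runs the redirect is recorded; only the dispatcher that checks the filter's return value leaves user 1 in place.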
