At the moment I use Auth Component for users to log in / log out - ACL is defined to sort between user groups (Guests, Users, Admins) - with obvious restrictions - Admin being able to access everything, the user can only access edit in the users controller and the guest being able to see just the display / index / view etc.
Now to prevent users from editing another user - I have a function called isOwner() which essentially checks if you are trying to edit your own profile; and also checks if it is an admin trying to edit. Having read through http://book.cakephp.org/view/1245/Defining-Permissions-Cake-s-Database-ACL - I wondered if it was possible to define this in the ACL? Something along the lines of: $this->Acl->allow(array('model' => 'User', 'foreign_key' => $id), 'Users', 'edit', $id) - though I haven't dug deep enough and I'm assuming I'd have to make some sort of beforeSave() with the above line for each new user registered to be allowed to edit his profile...
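The owner-or-admin check described in the post above, sketched in plain PHP as an added example (not the poster's isOwner() and not CakePHP's API). The function name canEditUser, the session array layout and the sample cases are assumptions made for illustration.

```php
<?php
// Added example: canEditUser(), the $session layout and the cases are hypothetical.

/**
 * Decide whether the logged-in user may edit the profile with id $targetId.
 * $session is the server-side auth record, e.g. ['id' => 7, 'group' => 'Users'].
 * $targetId is the id taken from the request (URL or form), so it is untrusted.
 */
function canEditUser(?array $session, $targetId): bool
{
    // Guests (no auth record) never reach edit: deny by default.
    if ($session === null || !isset($session['id'], $session['group'])) {
        return false;
    }
    // Accept only a plain decimal id; rejects arrays, "7abc", "" and null,
    // which loose comparison could otherwise coerce into a match.
    if (!is_int($targetId) && !(is_string($targetId) && ctype_digit($targetId))) {
        return false;
    }
    // Admins may edit any profile.
    if ($session['group'] === 'Admins') {
        return true;
    }
    // Owner check: the acting id comes from the session, never from the request.
    return $session['group'] === 'Users'
        && (int) $session['id'] === (int) $targetId;
}

// Constructed sample sessions and request ids.
$cases = [
    ['own profile',     ['id' => 7, 'group' => 'Users'],  '7',     true],
    ['other profile',   ['id' => 7, 'group' => 'Users'],  '8',     false],
    ['admin, any id',   ['id' => 1, 'group' => 'Admins'], '8',     true],
    ['guest',           null,                             '7',     false],
    ['malformed id',    ['id' => 7, 'group' => 'Users'],  '7abc',  false],
    ['array as id',     ['id' => 7, 'group' => 'Users'],  ['7'],   false],
];

foreach ($cases as [$label, $session, $target, $expected]) {
    $got = canEditUser($session, $target);
    printf("%-15s %-5s %s\n", $label, $got ? 'allow' : 'deny',
        $got === $expected ? 'OK' : 'MISMATCH');
}
```

The same check has to run on the request that saves the form as well as the one that displays it, with the target id read from the same place both times.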
