Thanks for the clarification, but still, users aren't allowed to edit
only themselves with this method.

If I do this:

$this->Auth->allow('edit');

any user can edit any other user.

I want them to only edit their own account. If the logged-in user's id is 4, I
want him to be only able to edit the User account with id 4.

I don't know if I'm clear when explaining this, sorry.

Thanks !


On 15 jan, 21:46, jeremyharris <[email protected]> wrote:
> Your last post says that if the logged in user equals the user id set on
> the model (wherever you set that), to let them have access. This is
> contradictory to what you said: "users can't edit any profiles"
>
> Your isAuthorized action should be really simple then.
>
> public function isAuthorized() {
>     // assuming 1 for admin - there are better ways to check this
>     if ($this->Auth->user('group_id') === 1) {
>         return true; // admin can do anything
>     }
>
>     return false; // users can do nothing
> }
>
> Then in your beforeFilters for actions that users *can* do:
>
> // in users controller
> public function beforeFilter() {
>     // users can get to the UsersController::view() action
>     $this->Auth->allow('view');
>     parent::beforeFilter();
> }
>
> Allowing the action will tell the Auth component not to check isAuthorized
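
Added example (not part of the thread and not CakePHP's own code): the owner-only rule asked for above, written as a plain PHP function so it runs without the framework. The function name `isOwnerOrAdmin`, the `$ownerOnly` list and the convention that the target id is the first URL argument (as in `/users/edit/4`) are assumptions; admin as `group_id` 1 follows the quoted reply.

```php
<?php
// Added example, not code from the thread.
// Assumptions: admins have group_id 1 (as in the quoted reply) and the id of
// the record being edited is the first URL argument, e.g. /users/edit/4.

function isOwnerOrAdmin(array $authUser, $action, array $passedArgs)
{
    // Without a complete logged-in user record there is nothing to compare.
    if (!isset($authUser['id'], $authUser['group_id'])) {
        return false;
    }

    // Session and database values often arrive as strings, so compare as ints.
    if ((int)$authUser['group_id'] === 1) {
        return true; // admin can do anything
    }

    // Actions that act on a single user record and must be owner-only.
    $ownerOnly = array('edit');
    if (!in_array($action, $ownerOnly, true)) {
        return false; // deny by default
    }

    // Reject a missing or non-numeric id instead of letting it cast to 0.
    if (!isset($passedArgs[0]) || !ctype_digit((string)$passedArgs[0])) {
        return false;
    }

    return (int)$passedArgs[0] === (int)$authUser['id'];
}

// Constructed sample requests for a logged-in, non-admin user with id 4.
$user = array('id' => '4', 'group_id' => '2');
var_dump(isOwnerOrAdmin($user, 'edit', array('4')));   // own account
var_dump(isOwnerOrAdmin($user, 'edit', array('5')));   // someone else's account
var_dump(isOwnerOrAdmin($user, 'edit', array()));      // no id in the URL
var_dump(isOwnerOrAdmin($user, 'delete', array('4'))); // action not listed

// Constructed admin user editing another account.
$admin = array('id' => '1', 'group_id' => '1');
var_dump(isOwnerOrAdmin($admin, 'edit', array('5')));
```

Assuming a CakePHP 2.x controller, `isAuthorized()` would return this function's result for `$this->request->params['action']` and `$this->request->params['pass']`, with `edit` left out of `$this->Auth->allow()`. The edit action should then save using the id that was checked, not an id taken from the posted form data.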
