Oh you *want* users to be able to edit, but just themselves?
Then the code I posted in the first reply should work. If you want admin to
be able to edit, you can either do a separate action / prefixed action, or
do the check within the method (or a separate function to check).
isAuthorized probably isn't the place for a check like that, since it
doesn't know what the ids you are editing are.
Something like:
    public function delete($id) {
        // isEditable() is a method on this controller, so call it via $this
        $id = $this->isEditable($id);
        // etc
    }

    private function isEditable($id) {
        if ($this->Auth->user('group_id') == 1) {
            // they are admin, so return the original id they wanted to edit
            return $id;
        }
        // they are not admin, so return their user id
        return $this->Auth->user('id');
    }
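As an added example (not part of the original post, and plain PHP rather than CakePHP code): the check from the reply beside a fail-closed variant that refuses a mismatched id instead of swapping it, which matters for an action like delete, where a silent swap would point the delete at the caller's own record. The function names and sample users are hypothetical; the admin group id of 1 is taken from the post.

```php
<?php
// Added example: plain PHP, no CakePHP classes. ADMIN_GROUP_ID = 1 follows the
// post; the user arrays and function names are hypothetical.
const ADMIN_GROUP_ID = 1;

// Policy from the post: non-admins are silently redirected to their own id.
function substituteId(array $authUser, $requestedId): int
{
    if ((int) $authUser['group_id'] === ADMIN_GROUP_ID) {
        return (int) $requestedId;
    }
    return (int) $authUser['id'];
}

// Fail-closed variant: a non-admin asking for someone else's id is refused
// instead of being retargeted, so a delete never lands on an unintended row.
function requireEditable(array $authUser, $requestedId): int
{
    // Reject anything that is not a plain positive integer ("9abc", "", null).
    $id = filter_var($requestedId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid id');
    }
    $isAdmin = (int) $authUser['group_id'] === ADMIN_GROUP_ID;
    if (!$isAdmin && $id !== (int) $authUser['id']) {
        throw new RuntimeException('forbidden');
    }
    return $id;
}

// Constructed sample users and requests.
$admin = ['id' => 1, 'group_id' => 1];
$alice = ['id' => 7, 'group_id' => 2];

foreach ([[$admin, '9'], [$alice, '7'], [$alice, '9'], [$alice, '9abc']] as [$user, $req]) {
    try {
        $strict = requireEditable($user, $req);
    } catch (Exception $e) {
        $strict = $e->getMessage();
    }
    printf("user %d asks for %s: substitute=%d, fail-closed=%s\n",
        $user['id'], $req, substituteId($user, $req), $strict);
}
```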