Ok, so here is my User model:
public function isEditable($id) {
    if ($this->Auth->user('role') == 'admin') {
        // if they are admin, so return the original id they wanted to edit
        return $id;
    }
    // if they are not admin, so return their user id
    return $this->Auth->user('id');
}
and here is my UsersController:
public function isAuthorized($user) {
    if (parent::isAuthorized($user)) {
        return true;
    }
    if ($this->action === 'edit') {
        $id = isEditable($id);
        if ($this->Auth->user('id') == $id) {
            return true;
        }
    }
    return false;
}
But this returns:
Fatal error: Call to undefined function isEditable() in /app/Controller/UsersController.php on line 60
I thought it would work this time... Thanks again.
On 16 jan, 02:52, jeremyharris <[email protected]> wrote:
> Oh you *want* users to be able to edit, but just themselves?
>
> Then the code I posted in the first reply should work. If you want admin to
> be able to edit, you can either do a separate action / prefixed action, or
> do the check within the method (or a separate function to check).
> isAuthorized isn't probably the place for a check like that, since it
> doesn't know what the id's you are editing are.
>
> Something like
>
> public function delete($id) {
>     $id = isEditable($id);
>     // etc
> }
>
> private function isEditable($id) {
>     if ($this->Auth->user('group_id') == 1) {
>         // they are admin, so return the original id they wanted to edit
>         return $id;
>     }
>
>     // they are not admin, so return their user id
>     return $this->Auth->user('id');
> }
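An added example, not code from this thread or from CakePHP: a framework-free PHP 8 sketch of the ownership check discussed above, performed inside the action where the requested id is known and invoked as a method on an object rather than as a bare function. The names EditPolicy, canEdit and UsersControllerSketch and the sample users are made up for illustration, and unlike the thread's isEditable() this version denies a mismatched id instead of substituting the user's own.

```php
<?php
// Added example (PHP 8+). Hypothetical names; no CakePHP classes are used.

final class EditPolicy
{
    // $user: the logged-in user's record, as the auth layer would supply it.
    public function __construct(private array $user) {}

    // $requestedId comes from the URL, so it is untrusted input.
    public function canEdit(mixed $requestedId): bool
    {
        // Accept only a plain positive integer id ("7" or 7, not "7abc" or "-1").
        $isDigits = is_string($requestedId) && ctype_digit($requestedId);
        if (!is_int($requestedId) && !$isDigits) {
            return false;
        }
        $requestedId = (int) $requestedId;
        if ($requestedId <= 0) {
            return false;
        }
        // Admins may edit any record.
        if (($this->user['role'] ?? null) === 'admin') {
            return true;
        }
        // Everyone else may edit only their own record (strict comparison).
        return isset($this->user['id']) && (int) $this->user['id'] === $requestedId;
    }
}

final class UsersControllerSketch
{
    public function __construct(private EditPolicy $policy) {}

    public function edit(mixed $id): string
    {
        // Called through the object: a bare canEdit($id) would be resolved
        // as a global function and fail with "Call to undefined function".
        if (!$this->policy->canEdit($id)) {
            return '403 Forbidden';
        }
        return 'editing user ' . (int) $id;
    }
}

// Constructed sample users and requests.
$alice = new UsersControllerSketch(new EditPolicy(['id' => 7, 'role' => 'user']));
$admin = new UsersControllerSketch(new EditPolicy(['id' => 1, 'role' => 'admin']));
foreach ([[$alice, '7'], [$alice, '8'], [$alice, '7abc'], [$admin, '8']] as [$ctl, $id]) {
    echo var_export($id, true), ' => ', $ctl->edit($id), "\n";
}
```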