I already used that way to solve what I want. I wanted something like "acl
solution", hehe.
Thank you for your answer
Best regards
Paulo
On Tuesday, December 25, 2012 4:53:22 AM UTC+2, zuha wrote:
>
> Is there a reason you don't just do access control in the controller then?
> ie.
>
> if ($this->request->data['User']['creator_id'] == $this->Session->read('
> Auth.User.id')) {
> $this->BlogPost->save($this->request->data);
> }
>
> BTW, Zuha has a behavior called the UsableBehavior which could probably be
> modified to do what you're trying to do with a new function or two added to
> it.
> https://github.com/zuha/Zuha/tree/master/app/Plugin/Users/Model/Behavior
>
>
>
> On Monday, December 24, 2012 6:12:02 PM UTC-5, Paulo Braga wrote:
>>
>> Hi Rob. Thanks for your answer, the behavior is very interesting.
>>
>> I think I did not express myself well, I dont want just to set that a
>> user has only access to the posts he created.
>>
>> I want also to configure for example:
>>
>> We have hotels around a country from the same organization, so in each
>> city there's a manager, and I want a manager to manage just the hotels in
>> his city. but this hotels can be created by another user(admin), is it
>> possible? I did it with isAuthorized() method, but it requires a lot of
>> "code (ugly code)° :p
>>
>> Paulo
>>
>> On Monday, December 24, 2012 3:08:31 PM UTC+2, Rob M wrote:
>>>
>>> Hi Paulo: You are describing row-level access control, and I am doing
>>> that with CakePHP 2.0 using a modified version of Daniel
>>> Vecchiato's WhoDidIt Model Behavior (
>>> https://github.com/danfreak/4cakephp/tree/master/models/behaviors).
>>> Then I check in the controller to see if the id in the table for the person
>>> who created the record matches the id of the person who is trying to modify
>>> it. - Rob
>>>
>>> On Sunday, December 23, 2012 4:01:28 PM UTC-5, Paulo Braga wrote:
>>>>
>>>> Hi people.
>>>>
>>>> I am using cakephp 2.x, and I am trying to build a system with group
>>>> permissions, ok, I used Acl and Auth component without problem.
>>>>
>>>> Now I want to configure access to specific data. for example:
>>>>
>>>> we have a blog app, and we have users, posts, etc.
>>>> an admin can do anything(no problems);
>>>> a post is posted by a user. (some problems here);
>>>>
>>>> With acl I configured that admin group can do anything. and that user
>>>> group can just do anything in posts(add, list, edit, delete). everything
>>>> is
>>>> working.
>>>>
>>>> But I dont want a user to edit,delete,list posts that were not created
>>>> by him.
>>>>
>>>> I used to do it with the method isAuthorized(), but imagining a big
>>>> app, I think it will be too hard to codify it.
>>>>
>>>> is there a "clean" way to do it???
>>>>
>>>>
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
Visit this group at http://groups.google.com/group/cake-php?hl=en.
