On Jun 9, 4:35 am, Ketan Patel <[EMAIL PROTECTED]> wrote:
> I have a site where a user creates certain items. I want that user
> himself can CRUD his own profile and other users can only READ this
> user profile. Similarly, the user who created the item has CRUD rights
> over that item and other users can only READ. Is ACL an overkill for
> such simple task or should I simply cook up something on my own which
> would do this job. I can do it, it's just that I am not sure if I
> should use ACL or my own checking to do the above control.
>
> What do you guys suggest?

Hi Ketan,

I'd recommend using ACL as well.

One addition above and beyond the usual, I wouldn't recommend creating rules which are of the form "Bob can * Bob's profile", "Public can view Bob's profile" (you probably wouldn't have the latter - you'd define it as public can view profiles in general, it's just to clarify what the * is). It's the logical way to do things as far as ACL goes but means you have a /lot/ of rules to describe that the owner of a profile can do anything.

I wrote about a solution before here:
http://groups.google.com/group/cake-php/msg/2e5bd958d4be3ddd
based on what I have written before here (note that I did away completely with the "actions" parameter)
http://www.noswad.me.uk/MiBlog/ACLPart1,
the code for which is available here:
http://cakeforge.org/projects/acl-admin/ (1.1 only)

This would mean that you could if you want have the following minimum acl objects:

aros:
PUBLIC
USERS
(i.e. just 2, of course you can create an aro for each user)

the following acos (which are based on the controller/action/ parameters needed to access a function):
users:profile
users:profile:view
users:profile:owner_edit

and the following rules:
PUBLIC can 'do' users:profile:view
USERS can 'do' users:profile:owner_edit

Whether the exact solution I wrote is to your taste, I hth,

AD
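
An added example of the two-ARO scheme listed in the message above, written in plain PHP; it is not AD's code and does not use CakePHP's ACL API. The function names, the rule table, the idea that USERS inherits PUBLIC, and the reading of the "owner_" prefix as "also require that the requester owns the record" are assumptions made for illustration.

```php
<?php
// Added example: names, rule table and data are constructed, not CakePHP's API.
// Two AROs and allow-only rules, as listed in the message above.
const RULES = [
    'PUBLIC' => ['users:profile:view'],
    'USERS'  => ['users:profile:owner_edit'],
];

// AROs a requester belongs to; a logged-in user is assumed to inherit PUBLIC.
function arosFor(?int $userId): array
{
    return $userId === null ? ['PUBLIC'] : ['USERS', 'PUBLIC'];
}

// A rule on an ACO also covers its children ("users:profile" covers
// "users:profile:view"). Anything without a matching rule is denied.
function aclAllows(array $aros, string $aco): bool
{
    foreach ($aros as $aro) {
        foreach (RULES[$aro] ?? [] as $granted) {
            if ($aco === $granted || strpos($aco, $granted . ':') === 0) {
                return true;
            }
        }
    }
    return false;
}

// Assumption: an action prefixed "owner_" additionally requires that the
// requester owns the record, so one rule serves every user's own profile.
function canAccess(?int $userId, string $aco, ?int $ownerId): bool
{
    if (!aclAllows(arosFor($userId), $aco)) {
        return false;
    }
    $parts = explode(':', $aco);
    $action = end($parts);
    if (strpos($action, 'owner_') === 0) {
        return $userId !== null && $userId === $ownerId;
    }
    return true;
}

// Constructed checks: profile 7 belongs to user 7.
var_dump(canAccess(null, 'users:profile:view', 7));       // anonymous read
var_dump(canAccess(7, 'users:profile:owner_edit', 7));    // owner edit
var_dump(canAccess(8, 'users:profile:owner_edit', 7));    // other user edit
var_dump(canAccess(null, 'users:profile:owner_edit', 7)); // anonymous edit
```

The owner comparison runs on the server against the stored record's owner id, never against an id supplied in the request, so the single USERS rule cannot be used to edit someone else's profile.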
