Hi Altaczen,

You have two issues to deal with here. One is restricting access to functionality (i.e. controllers and actions), the other is restricting access to data.

It is possible to use ACL for both. It is easiest to use ACL to restrict access to controllers and actions. Just have a look at Dauth, or any of the other fine security components in the Bakery. They will all solve that problem for you.

It requires a little thought to adapt ACL to control access to data. If you only need to restrict access to a user's profile, then using ACL would be overkill. You could just code that limitation into the action instead.

As for the size of the Aro/Aco tables: yes, you will need an Aro record for each user, but you do not need an Aco record for every data record. At worst you only need an Aco record for each user, then create a relationship between the Aco and the data record. This gets complex to explain and to implement (especially when you are dealing with large data sets and user bases), but it does work, without slowing your system down to a crawl.

I would strongly recommend that you read up everything you can on ACL, then choose a user authentication system (I prefer Dauth) and play with it. Get a strong understanding of ACL, then you will be able to figure out the best solution for your problem.

Hope this helps.

Regards,
Langdon

Alteczen wrote:
> I have things set up such that when a user logs in a session is
> created. And if I give a user the ability to view his information it
> will occur at a URL like:
> /test/users/view/5 - where 5 is his user id
>
> My question is how am I able to restrict the user from altering the
> URL to say /test/users/view/6 and them having the ability to pull up
> another user's info?
>
> Is this an ACL issue where I would have to create an Aco for each user
> that would allow only that specific user to read their profile? That
> would make the aro/aco tables pretty big as your site grows...? Am
> I missing something here?
>
> Thanks!

You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
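The "code that limitation into the action" option from Langdon's reply, written out as an added example (this is not code from the thread, from Dauth or from CakePHP itself). It assumes a CakePHP 1.x-style UsersController, that the login action stored the logged-in user's id in the session under the key `User.id`, and that a `login` action exists; those names are assumptions. The point it makes is that the id in the URL is attacker-controlled, so the decision of whose record to show must be made against the session, never against the URL.

```php
<?php
// Added example, not from the original post. Assumes CakePHP 1.x conventions,
// a session key 'User.id' written at login, and a 'login' action (assumptions).
class UsersController extends AppController {
    var $name = 'Users';
    var $components = array('Session');

    // /users/view/5 : $id comes straight from the URL, so a user who changes
    // it to /users/view/6 is only asking for 6; whether he gets it is decided
    // here, by comparing with the id stored server-side at login.
    function view($id = null) {
        $currentUserId = $this->Session->read('User.id');
        if (empty($currentUserId)) {
            $this->Session->setFlash('Please log in first.');
            $this->redirect(array('controller' => 'users', 'action' => 'login'));
            return;
        }

        // Cast both sides: the URL segment is a string such as "6" or "6abc",
        // while the session value may be an int. Strict comparison after the
        // cast avoids any loose-equality surprises.
        if ((int) $id !== (int) $currentUserId) {
            // Give the same answer for "not yours" and "does not exist", so the
            // URL cannot be used to enumerate which user ids are valid.
            $this->Session->setFlash('Profile not found.');
            $this->redirect(array('action' => 'view', $currentUserId));
            return;
        }

        // Load using the value we trust (the session), not the URL parameter.
        $user = $this->User->findById($currentUserId);
        $this->set('user', $user);
    }

    // Simpler still: /users/profile carries no id at all, so there is nothing
    // in the URL to tamper with; the record is always the session owner's.
    function profile() {
        $currentUserId = $this->Session->read('User.id');
        if (empty($currentUserId)) {
            $this->redirect(array('action' => 'login'));
            return;
        }
        $this->set('user', $this->User->findById($currentUserId));
        $this->render('view');
    }
}
?>
```

The same shape applies to any record that has an owner column (a post with a `user_id`, say): load the record by the URL id, then compare its owner column with the session id and refuse on mismatch. ACL only becomes worthwhile once the rules are richer than "a user may see his own row", for instance when admins, moderators and owners all have different rights to the same data.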
