I do not think I'd use ACL for this. I'd do as you suggest and check
the current userid against the create_by userid. Also, I would not
give them an "edit" or "view" link if they aren't allowed to edit/view
it; they would just get confused if the option is there but they can't
use it.
Regards,
Shawn
On Aug 1, 9:41 am, luke BAKING barker <[EMAIL PROTECTED]> wrote:
> Hi
>
> What is the best way in a Cake app to allow a User to
> view/edit (etc) their own Profiles / Posts and so on?
>
> Rather than create a separate ARO (as Ketan Bakery tutorial suggests),
> I need to basically have a separate test in each action I guess
> something like so:
>
> //pseudocode
> function edit($id) {
>     ...
>     // Model::read() takes the field list first, then the id
>     $relevant = $this->Post->read(null, $id);
>     if ($this->session->USERID === $relevant['Post']['user_id']) {
>         // it's OK, show them the view
>     } else {
>         // this Post was not by this User, so they can't update it!
>         $this->redirect();
>     }
> }
>
> does that make sense?
>
> I am learning the usage of Acl in 1.2 just now and this is perplexing
> me on how to do this with minimum of fuss.
>
> I don't know if it can be integrated / should be into Acl and Auth
> part of my web-app?
>
> thanks for any advice with this pattern,
>
> regards
>
> Luke
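The ownership check discussed in this thread, as an added example that is not part of the original messages and is not CakePHP code: plain PHP over constructed in-memory data, with hypothetical helper names (`isOwner`, `editPost`, `actionLinks`). It enforces the comparison of the logged-in user id against the record's `user_id` on the server, and separately hides the "edit" link from non-owners.

```php
<?php
// Added example: plain PHP with constructed data, not CakePHP's own API.
// $posts stands in for the Post model; keys mirror the thread's ['Post']['user_id'].
$posts = array(
    1 => array('Post' => array('id' => 1, 'user_id' => '7', 'title' => 'Mine')),
    2 => array('Post' => array('id' => 2, 'user_id' => '9', 'title' => 'Someone else')),
);

// Hypothetical helper: true only when a logged-in user created the record.
function isOwner($currentUserId, $record)
{
    if ($currentUserId === null || $currentUserId === '' || empty($record)) {
        return false; // not logged in, or no such record
    }
    // Database rows often return ids as strings while the session holds an int,
    // so normalise both sides before the strict comparison.
    return (string) $currentUserId === (string) $record['Post']['user_id'];
}

// Hypothetical edit action: the check runs server-side on every request,
// because a hidden link does not stop a hand-typed /posts/edit/2 URL.
function editPost($posts, $currentUserId, $id, $newTitle)
{
    $record = isset($posts[$id]) ? $posts[$id] : null;
    if (!isOwner($currentUserId, $record)) {
        // Same answer for missing and foreign posts, so ids cannot be probed.
        return array('status' => 'denied', 'post' => null);
    }
    $record['Post']['title'] = $newTitle;
    return array('status' => 'saved', 'post' => $record);
}

// Hypothetical view helper: only offer the "edit" link to the owner.
function actionLinks($currentUserId, $record)
{
    $links = array('view'); // assumption: posts are viewable by everyone
    if (isOwner($currentUserId, $record)) {
        $links[] = 'edit';
    }
    return $links;
}

$sessionUserId = 7; // constructed: id of the logged-in user, held as an int
foreach ($posts as $id => $post) {
    $result = editPost($posts, $sessionUserId, $id, 'Updated');
    echo "post $id: links=" . implode(',', actionLinks($sessionUserId, $post))
        . " edit=" . $result['status'] . "\n";
}
```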