Hi,
bit new to ACL and having some problems when I want to check for
permissions before deleting a post using the ACL setup from
http://bakery.cakephp.org/articles/view/how-to-use-acl-in-1-2-x. Is it
possible to check permissions using the foreign_key if no alias is
present?
In the Post/view action I have the following check:
if(@$this->Acl->check('User::'.$this->Session-
>read('Auth.User.id'),'User::'.$post[0]['Post']['user_id'],'*')){
$this->set('owner',true);
} else{
$this->set('owner',false);
}
if true a link is displayed in the view to the Post/delete action
which looks like this
function delete($id = null)
{
if ($id == null)
{
// Error
exit;
}
if ($this->Acl->check('User::'.$this->Session-
>read('Auth.User.id'), $id, 'delete'))
{
$this->flash('allowed','/post/view/'.$id);
}
else {
$this->flash('denied','/post/view/'.$id);
}
}
the $id is the same as the foreign_key in the ACO table, the alias
column is blank for posts so how to I perform the check without an
alias?
The code for saving a post looks like this
if($this->Post->save($this->data))
{
// ACL
$aroNode = array(
'model' => 'User',
'foreign_key' => $id
);
$acoNode = array(
'model' => 'Post',
'foreign_key' => $this->Post-
>getLastInsertID(),
// 'alias' => 'Post::'.$this->Post-
>getLastInsertID()
);
$this->Acl->allow($aroNode,$acoNode,'*');
}
the out-commented line is my attempt to save an alias as well but it
didn't work...
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
