I've been using othAuth and have also read about Cake ACLs for my app
(1.2). But now I'm looking at managing public/private access to
potentially 1000s of photos in a gallery. I don't think you want an
ACO for each photo, right?

Is there a generally acknowledged best practice for implementing this
feature?
Right now, I have it boiled down to a big if statement, but then it
seems like I am ignoring the whole ACL permissions infrastructure.

if (!$authenticated) {
    // public photos only
} else if ($authenticated && $user_id != $owner_id && $role == 'user') {
    // public only
} else if ($authenticated && $user_id == $owner_id) {
    // public & private
} else if ($authenticated && $user_id != $owner_id && $role == 'admin') {
    // public & private
}

using $condition=array('Photo.private'=>0) to limit access to private
photos.

I think I can manage this if statement for now, but looking ahead to
the situation where owners can invite friends to see their private
photos, (i.e. $user_id in $owner_friends) it seems like it gets really
messy.
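
Added example (not part of the original post, and not othAuth or CakePHP code): the if chain above written once as a row-level filter, with the invited-friends case folded in, plus the same rule for a single photo fetched by id. Photo.user_id as the owner column and $viewer['friend_owner_ids'] are assumed names; it relies on Cake's conditions array turning an array value into an IN list.

```php
<?php
// Added example, not from the original post. Assumed/hypothetical names:
// Photo.user_id (owner column) and $viewer['friend_owner_ids'] (owners who
// invited this viewer). Photo.private is the flag used in the post.

// Owners whose private photos $viewer may see: the viewer plus inviting friends.
function visibleOwnerIds($viewer)
{
    $friends = isset($viewer['friend_owner_ids']) ? $viewer['friend_owner_ids'] : array();
    return array_values(array_unique(array_map('intval',
        array_merge(array($viewer['id']), $friends))));
}

// Conditions array for Photo->find(); a null $viewer means not authenticated.
function photoVisibilityConditions($viewer)
{
    if (empty($viewer)) {
        return array('Photo.private' => 0);          // public photos only
    }
    if (isset($viewer['role']) && $viewer['role'] === 'admin') {
        return array();                              // public & private
    }
    return array('OR' => array(
        'Photo.private' => 0,                        // public
        'Photo.user_id' => visibleOwnerIds($viewer), // own + friends' private
    ));
}

// Same rule for one already-loaded row, e.g. a view-by-id action.
function canViewPhoto($viewer, $photo)
{
    if ((int)$photo['private'] === 0) {
        return true;
    }
    if (empty($viewer)) {
        return false;
    }
    if (isset($viewer['role']) && $viewer['role'] === 'admin') {
        return true;
    }
    return in_array((int)$photo['user_id'], visibleOwnerIds($viewer), true);
}

// Constructed sample data: user 7 was invited by owner 3.
$bob   = array('id' => 7, 'role' => 'user', 'friend_owner_ids' => array(3));
$photo = array('id' => 42, 'user_id' => 3, 'private' => 1);
var_dump(canViewPhoto(null, $photo));
var_dump(canViewPhoto($bob, $photo));
print_r(photoVisibilityConditions($bob));
```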