I think acl can do the trick, but if you don't want to use it then I
don't see nothing wrong with your approach.
On Sun, Mar 9, 2008 at 12:31 PM, mixersoft <[EMAIL PROTECTED]> wrote:
>
> I've been using othAuth and have also read about Cake ACLs for my app
> (1.2). But now I'm looking at managing public/private access to
> potentially 1000s of photos in a gallery. I don't think you want and
> ACO for each photo, right?
>
> Is there a generally acknowledged best practice for implementing this
> feature?
> Right now, I have it boiled down to a big if statement, but then it
> seems like I am ignoring the whole ACL permissions infrastructure.
>
> If (!$authenticated) // public photos only
> else if ($authenticated && $user_id != $owner_id && role ==
> 'user') // public only
> else if ($authenticated && $user_id ==
> $owner_id) // public & private
> else if ($authenticated && $user_id != $owner_id && role ==
> 'admin' ) // public & private
>
> using $condition=array('Photo.private'=>0) to limit access to private
> photos.
>
> I think I can manage this if statement for now, but looking ahead to
> the situation where owners can invite friends to see their private
> photos, (i.e. $user_id in $owner_friends) it seems like it gets really
> messy.
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
