This link has come up before in the group as a good read on access control for rows in addition to actions (also an alternative to auth/acl, phpgacl, etc.):
http://www.xaprb.com/blog/2006/08/16/how-to-build-role-based-access-control-in-sql/

On Mar 9, 10:31 am, mixersoft <[EMAIL PROTECTED]> wrote:
> I've been using othAuth and have also read about Cake ACLs for my app
> (1.2). But now I'm looking at managing public/private access to
> potentially 1000s of photos in a gallery. I don't think you want an
> ACO for each photo, right?
>
> Is there a generally acknowledged best practice for implementing this
> feature?
> Right now, I have it boiled down to a big if statement, but then it
> seems like I am ignoring the whole ACL permissions infrastructure.
>
> if (!$authenticated) // public photos only
> else if ($authenticated && $user_id != $owner_id && $role == 'user') // public only
> else if ($authenticated && $user_id == $owner_id) // public & private
> else if ($authenticated && $user_id != $owner_id && $role == 'admin') // public & private
>
> using $condition=array('Photo.private'=>0) to limit access to private
> photos.
>
> I think I can manage this if statement for now, but looking ahead to
> the situation where owners can invite friends to see their private
> photos, (i.e. $user_id in $owner_friends) it seems like it gets really
> messy.
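
One way to keep the public/private/friends rule in a single place, as an added example that is not code from this thread or from CakePHP itself: one function builds the find conditions for listings and a second applies the same rule to a single loaded row, so the list and the view action cannot drift apart. The `Photo.owner_id` column, the shape of `$viewer`, and the `$friendOwnerIds` list (owners who have invited the viewer) are assumptions.

```php
<?php
// Added example. Assumed names: Photo.owner_id, $viewer, $friendOwnerIds.
// $viewer is null when not logged in, else array('id' => int, 'role' => string).

// Conditions array for a Cake 1.2 find; an empty array means "no restriction".
function photoVisibilityConditions($viewer, $friendOwnerIds = array()) {
    if ($viewer === null) {
        return array('Photo.private' => 0);            // anonymous: public only
    }
    if ($viewer['role'] === 'admin') {
        return array();                                 // admin: public & private
    }
    // Any other role gets the least-privileged rule.
    $or = array(
        array('Photo.private' => 0),                    // everyone's public photos
        array('Photo.owner_id' => (int)$viewer['id']),  // the viewer's own photos
    );
    if (!empty($friendOwnerIds)) {
        // An array value is rendered as IN (...) by Cake 1.2.
        $or[] = array('Photo.owner_id' => array_map('intval', $friendOwnerIds));
    }
    return array('OR' => $or);
}

// The same rule for one row, for view/download actions that take a photo id.
function canViewPhoto($viewer, $photo, $friendOwnerIds = array()) {
    if (!$photo['private']) return true;
    if ($viewer === null) return false;
    if ($viewer['role'] === 'admin') return true;
    if ((int)$viewer['id'] === (int)$photo['owner_id']) return true;
    return in_array((int)$photo['owner_id'], array_map('intval', $friendOwnerIds), true);
}

// Constructed sample rows and viewers, only to exercise the rule.
$photos = array(
    array('id' => 1, 'owner_id' => 10, 'private' => 0),
    array('id' => 2, 'owner_id' => 10, 'private' => 1),
    array('id' => 3, 'owner_id' => 20, 'private' => 1),
);
$viewers = array(
    'anonymous'      => array(null, array()),
    'owner 10'       => array(array('id' => 10, 'role' => 'user'), array()),
    'friend of 20'   => array(array('id' => 30, 'role' => 'user'), array(20)),
    'admin'          => array(array('id' => 99, 'role' => 'admin'), array()),
);
foreach ($viewers as $label => $v) {
    $visible = array();
    foreach ($photos as $p) {
        if (canViewPhoto($v[0], $p, $v[1])) $visible[] = $p['id'];
    }
    echo $label . ': photos ' . implode(',', $visible) . "\n";
}
```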
