Hello,
I'm building a simple web app with users, profiles and so on.
I'm using Auth Component for user authentication.
I ran into a problem - how to prevent a logged-in user from, e.g., editing
another user's profile?
It turns out that Auth Component is capable of simple authorization
without the need for complicated ACL stuff.
So I'm doing something like this:
app_controller.php:
    // have Auth call this controller's isAuthorized() callback
    $this->Auth->authorize = 'controller';

    function isAuthorized() {
        // do not allow a user to edit someone else's profile
        if ($this->action == 'edit') {
            if ($this->Auth->user('id') != $this->params['pass'][0]) {
                return false;
            }
        }
        return true;
    }
My question is: is this the correct approach? Maybe I should authorize
against the model? If yes - how would you do it?
Regards,
Grzegorz
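
The ownership check from the post above, as an added example that is not part of the original message or of CakePHP: a plain-PHP version that fails closed on a missing or malformed id and compares strictly instead of with `!=`. It goes slightly beyond the post by covering more than one owner-only action; the function name `canActOnProfile` and the `edit`/`delete` list are assumptions.

```php
<?php
// Added illustration; plain PHP, no CakePHP classes required.
// canActOnProfile() and $ownerOnly are hypothetical names.

/**
 * Decide whether the logged-in user may run $action on the profile
 * whose id arrives as the first passed URL argument.
 */
function canActOnProfile($action, $sessionUserId, array $passedArgs)
{
    // Actions that only the profile owner may perform (assumed list).
    $ownerOnly = array('edit', 'delete');
    if (!in_array($action, $ownerOnly, true)) {
        return true;
    }
    // Fail closed when there is no session id or no id in the URL;
    // a loose null != null comparison would otherwise let this through.
    if ($sessionUserId === null || !isset($passedArgs[0])) {
        return false;
    }
    // Accept only plain decimal ids, so "5abc", "5.0" or " 5" never
    // reach a type-juggling comparison.
    $requested = (string) $passedArgs[0];
    if (!ctype_digit($requested) || !ctype_digit((string) $sessionUserId)) {
        return false;
    }
    return (int) $requested === (int) $sessionUserId;
}

// Constructed sample requests: action, session user id, passed args.
$cases = array(
    array('edit', '5', array('5')),     // own profile
    array('edit', '5', array('7')),     // someone else's profile
    array('edit', 5,   array('5abc')),  // malformed id
    array('edit', null, array()),       // no session id, no argument
    array('view', '5', array('7')),     // not owner-restricted
);
foreach ($cases as $c) {
    printf("%-5s user=%-4s arg=%-5s => %s\n", $c[0], var_export($c[1], true),
        isset($c[2][0]) ? $c[2][0] : '-',
        canActOnProfile($c[0], $c[1], $c[2]) ? 'allow' : 'deny');
}
```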