That's essentially what I'm doing on two web apps. I've got 3 levels
(guest, user, admin) and it seems to work fine for me.
Zoltan
www.nachogrid.ca - Toronto Nachos
On Mar 27, 9:47 pm, Grzesiek <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm building a simple web app with users, profiles and so on.
>
> I'm using Auth Component for user authentication.
>
> I ran into a problem - how to prevent a logged-in user from, e.g., editing
> another user's profile?
>
> It turns out that Auth Component is capable of simple authorization
> without the need for complicated ACL stuff.
>
> So I'm doing something like this:
>
> app_controller.php:
>
> $this->Auth->authorize = 'controller';
>
> function isAuthorized() {
>     // do not allow a user to edit someone else's profile
>     if ($this->action == 'edit') {
>         if ($this->Auth->user('id') != $this->params['pass'][0]) {
>             return false;
>         }
>     }
>     return true;
> }
>
> My question is: is this the correct approach? Maybe I should authorize
> against the model? If yes - how would you do it?
>
> Regards,
> Grzegorz
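Added example (not from the thread and not CakePHP's own code): a stand-alone PHP model of the decision an `isAuthorized()` callback has to make, addressing the "authorize against the model" question by checking the record's stored owner rather than comparing the URL id with the user id. The `role` field, the controller names, the list of owned actions and the `$ownerOf` lookup are assumptions for illustration.

```php
<?php
// Stand-alone model of the isAuthorized() decision; runs without CakePHP.
// Assumed for illustration: OWNED_ACTIONS, the 'role' field, the $ownerOf lookup.
const OWNED_ACTIONS = ['edit', 'delete'];

// $pass    : positional URL parameters (what the thread reads via params['pass'])
// $ownerOf : callable(controller, recordId) returning the owner's user id or null
function isAuthorizedFor($controller, $action, array $pass, array $user, callable $ownerOf)
{
    if ($user['role'] === 'admin') {
        return true;
    }
    if (!in_array($action, OWNED_ACTIONS, true)) {
        return true; // actions that do not target one record: login check only
    }
    // Fail closed when the id is missing or not a plain non-negative integer;
    // a loose != would coerce types before comparing.
    if (!isset($pass[0]) || !ctype_digit((string) $pass[0])) {
        return false;
    }
    $ownerId = $ownerOf($controller, (int) $pass[0]);
    return $ownerId !== null && $ownerId === (int) $user['id'];
}

// Constructed sample data: controller => [record id => owning user id].
$owners = ['Users' => [5 => 5, 6 => 6], 'Posts' => [5 => 6, 9 => 5]];
$ownerOf = function ($controller, $id) use ($owners) {
    return isset($owners[$controller][$id]) ? $owners[$controller][$id] : null;
};
$alice = ['id' => 5, 'role' => 'user'];

$cases = [
    ['Users', 'edit', ['5']],    // own profile
    ['Users', 'edit', ['6']],    // someone else's profile
    ['Posts', 'edit', ['5']],    // post 5 belongs to user 6; URL id equals user id
    ['Posts', 'delete', ['9']],  // own post, URL id differs from user id
    ['Users', 'edit', []],       // no id supplied
    ['Users', 'edit', ['5abc']], // malformed id
];
foreach ($cases as $c) {
    $ok = isAuthorizedFor($c[0], $c[1], $c[2], $alice, $ownerOf);
    printf("%-5s %-6s %-5s => %s\n", $c[0], $c[1], isset($c[2][0]) ? $c[2][0] : '-', $ok ? 'allow' : 'deny');
}
```

In a real application the `$ownerOf` lookup would be a query against the model for the record's owner column, which is what makes the same check reusable for controllers other than the users controller.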