Hi all,
I have a working setup of ACL + Auth (CRUD mode) on top of my (let's
say) Roles, Users and Post models.
When somebody requests a Post, access is granted or denied depending
on the user's role. That's great! I added *no new logic* to my
controllers to do that. Cake automagically asks the database to check
the CRUD privileges for that role. I love it.
Now, let's allow a user to edit his profile and nobody else's...
When a new user is added, a new ACO is created. But when that single
record is accessed, Cake is not automatically checking permissions for
that particular record. I have to do it by myself in the controller:
    function edit($username) {
        // Load the record being edited
        $user = $this->User->findByLogin($username);
        // ARO: the logged-in user; ACO: the profile of the requested user
        $access = $this->Acl->check(
            array('model' => 'User', 'foreign_key' => $this->Session->read('Auth.id')),
            array('model' => 'Profile', 'foreign_key' => $user['User']['id'])
        );
        exit($access ? 'OK' : 'KO');
    }
This was discussed before in
http://groups.google.com/group/cake-php/browse_thread/thread/5a4beaad58a4e4f3/bda724bd9bfe07ca,
where other people were interested in this topic, but no best-practice
solution was given.
I just want to know if the described approach is OK or if there is a
better solution.
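
Added example, not part of the original post and not CakePHP's own code: a framework-free PHP sketch of the record-level check described above, done in one guard function that denies by default. The function names, the grant table and the session array are constructed for illustration; only the ARO/ACO array shape is taken from the post.

```php
<?php
// Constructed grant table: "aroModel:aroId" => "acoModel:acoId" => allowed actions.
$grants = array(
    'User:7' => array('Profile:7' => array('read', 'update')),
    'User:9' => array('Profile:9' => array('read', 'update')),
);

/** Deny-by-default lookup of one ARO -> ACO -> action grant (hypothetical helper). */
function recordAllowed(array $grants, array $aro, array $aco, $action)
{
    $aroKey = $aro['model'] . ':' . $aro['foreign_key'];
    $acoKey = $aco['model'] . ':' . $aco['foreign_key'];
    if (!isset($grants[$aroKey][$acoKey])) {
        return false; // no explicit grant means no access
    }
    return in_array($action, $grants[$aroKey][$acoKey], true);
}

/**
 * Single guard for every record-level action (hypothetical helper).
 * The requester id comes from the server-side session, never from the
 * request; the target id comes from the record that was actually loaded.
 */
function guardProfile(array $grants, array $session, $targetUser, $action)
{
    if (empty($session['Auth']['id']) || empty($targetUser['User']['id'])) {
        return false; // not logged in, or the requested record does not exist
    }
    $aro = array('model' => 'User', 'foreign_key' => $session['Auth']['id']);
    $aco = array('model' => 'Profile', 'foreign_key' => $targetUser['User']['id']);
    return recordAllowed($grants, $aro, $aco, $action);
}

// Constructed sample data: user 7 is logged in.
$session = array('Auth' => array('id' => 7));
$own     = array('User' => array('id' => 7, 'login' => 'alice'));
$other   = array('User' => array('id' => 9, 'login' => 'bob'));

var_dump(guardProfile($grants, $session, $own, 'update'));   // own profile
var_dump(guardProfile($grants, $session, $other, 'update')); // someone else's profile
var_dump(guardProfile($grants, $session, $own, 'delete'));   // action never granted
var_dump(guardProfile($grants, $session, null, 'update'));   // unknown username
```

Calling one guard like this from a shared hook before every record-level action keeps the per-record check from being forgotten in an individual controller method.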