I use another solution: since the user is logged in, you do not need to
pass any username to the edit function.
Just pick up the logged-in user (no need for an Acl check)...
Just a hint.
Jaime wrote:
> Hi all,
>
> I have a working setup of ACL + Auth (CRUD mode) on top of my (let's
> say) Roles, Users and Post models.
>
> When somebody requests a Post, access is granted or denied depending
> on the user's role. That's great! I added *no new logic* to my
> controllers to do that. Cake automagically asks the database to check
> the CRUD privileges for that role. I love it.
>
> Now, let's allow a user to edit his profile and nobody else's...
>
> When a new user is added, a new ACO is created. But when that single
> record is accessed, Cake is not automatically checking permissions for
> that particular record. I have to do it by myself in the controller:
>
> function edit($username) {
>     // Load the profile that was requested
>     $user = $this->User->findByLogin($username);
>     // ARO: the logged-in user; ACO: the requested profile record
>     $access = $this->Acl->check(
>         array('model' => 'User', 'foreign_key' => $this->Session->read('Auth.id')),
>         array('model' => 'Profile', 'foreign_key' => $user['User']['id'])
>     );
>
>     exit($access ? 'OK' : 'KO');
> }
>
> This was discussed before in
> http://groups.google.com/group/cake-php/browse_thread/thread/5a4beaad58a4e4f3/bda724bd9bfe07ca
> , where other people were interested in this topic, but no best-
> practice solution was given.
>
> I just want to know if the described approach is OK or if there is a
> better solution.
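
The approach suggested in the reply above, as an added example that is not part of the original thread and is not CakePHP code: a framework-free PHP sketch in which the edit action takes no username and resolves the target record only from the session. The function `editOwnProfile`, the field allow-list and the sample data are assumptions made for illustration; `$session['Auth']['id']` stands in for the `Auth.id` session key used in the quoted code.

```php
<?php
// Added example: plain-PHP stand-ins, not CakePHP's own API.

function editOwnProfile(array $session, array $post, array &$users): string
{
    // Identity comes only from the server-side session, never from the request.
    if (!isset($session['Auth']['id'])) {
        return 'KO: not logged in';
    }
    $id = $session['Auth']['id'];
    if (!isset($users[$id])) {
        return 'KO: unknown user';
    }

    // Allow-list the editable fields so a posted "id" or "role" is ignored.
    $editable = array('email', 'display_name');
    $changes = array_intersect_key($post, array_flip($editable));

    $users[$id] = array_merge($users[$id], $changes);
    return 'OK: updated user ' . $id;
}

// Constructed sample data.
$users = array(
    1 => array('login' => 'jaime', 'email' => 'jaime@example.test',
               'display_name' => 'Jaime', 'role' => 'member'),
    2 => array('login' => 'admin', 'email' => 'admin@example.test',
               'display_name' => 'Admin', 'role' => 'admin'),
);
$session = array('Auth' => array('id' => 1));

// Constructed request body naming another record id and a role change;
// neither key is on the allow-list, so both are dropped.
$post = array('id' => 2, 'role' => 'admin', 'email' => 'new@example.test');

echo editOwnProfile($session, $post, $users), "\n";
echo $users[1]['email'], ' / ', $users[1]['role'], "\n";
echo $users[2]['email'], "\n";
```

Dropping the username parameter removes the per-record lookup, but the posted form data can still carry a record id, which is why the sketch filters the request fields as well.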