This is a security issue, and not an identity authentication issue.
The Auth component is designed to make it easy to confirm someone's
identity, but not to manage security or permissions for a website. You
could use ACL or do it yourself.
Anytime a user does something that requires a level of security you
should always perform a security check to see if that user has
permissions, and not rely on session data or cookies to cache those
permission rights.
Deleting a user from the Auth database is nothing more than erasing
all history of that user's identity, and every association will be
broken if they created documents, comments, or tasks that are linked.
How will you know that user "xxx" was deleted?
I would recommend adding a field to your user table called "role", and
changing that role field to "disabled". Every action a user can
perform should verify that their role hasn't changed.
In your AppController in the beforeFilter method you should do the
following.
    $this->Auth->authorize = 'controller';
This will tell the Auth component to call isAuthorized for every
request to see if the user can perform the current action in a
controller.
It's in this method that you should look up the current user's role
from the database, and make sure it's not equal to "disabled". If it
is, then you should perform a redirect to a message page explaining that
their access has been restricted, and include information about why and
who they should contact.
For example, in my controller only users with the role of
administrator can access admin pages.
    /**
     * Called by the Auth component to check if the user has access to the
     * current action.
     */
    function isAuthorized()
    {
        // Check if the params contain the admin routing key
        if (isset($this->params[Configure::read('Routing.admin')]))
        {
            // Only users with the admin role may reach admin-prefixed actions
            if ($this->Auth->user('role') !== 'admin')
            {
                return false;
            }
        }
        return true;
    }
Now, my method uses the session information to validate the role,
which is fine for my website, but if you want real-time status you can
perform a simple find on the User table yourself.
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
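The real-time variant the post describes at the end (checking the role against the database on every request instead of the copy cached in the session), written out as an added example for CakePHP 1.2; this is not code from the original post. It assumes a User model with a "role" column, an admin routing prefix configured as Routing.admin, and a hypothetical pages/restricted action that tells the user why access was refused and whom to contact.

```php
<?php
// Added example (not from the original post): an AppController that looks up
// the user's role from the database on every request, so a role changed to
// "disabled" takes effect immediately instead of when the session expires.
// Assumptions: a User model with a "role" field, Routing.admin configured,
// and a hypothetical pages/restricted action for the restriction message.
class AppController extends Controller
{
    var $components = array('Auth', 'Session');

    function beforeFilter()
    {
        // Make the Auth component call isAuthorized() on every request.
        $this->Auth->authorize = 'controller';
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');

        // The restriction page must stay reachable without authorization,
        // otherwise a disabled account is redirected to it in a loop.
        if ($this->name == 'Pages' && $this->action == 'restricted') {
            $this->Auth->allow('restricted');
        }
    }

    /**
     * Called by the Auth component for every authenticated request.
     * Returns true only if the user's current role permits the action.
     */
    function isAuthorized()
    {
        $role = $this->currentRole();

        // Real-time check: "disabled" (or a deleted account) cuts access now,
        // whatever the session still says. Logging out discards the stale
        // user record cached in the session at login time.
        if ($role === null || $role === 'disabled') {
            $this->Auth->logout();
            $this->Session->setFlash('Your account has been disabled. Please contact the site administrator.');
            $this->redirect(array('controller' => 'pages', 'action' => 'restricted'));
            return false;
        }

        // Admin-prefixed routes are reserved for the "admin" role.
        if (isset($this->params[Configure::read('Routing.admin')])) {
            return ($role === 'admin');
        }

        return true;
    }

    /**
     * Look up the logged-in user's role from the database rather than
     * trusting the copy stored in the session.
     */
    function currentRole()
    {
        $userId = $this->Auth->user('id');
        if (empty($userId)) {
            return null;
        }
        $user = ClassRegistry::init('User')->find('first', array(
            'conditions' => array('User.id' => $userId),
            'fields'     => array('User.role'),
            'recursive'  => -1,
        ));
        if (empty($user['User']['role'])) {
            return null; // account deleted or role missing: deny
        }
        return $user['User']['role'];
    }
}
```

The cost of this approach is one extra query per authenticated request; in exchange, disabling an account in the database locks the user out on their very next click, and a user whose row has been deleted is denied rather than silently passing on session data.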