I know there are some people who like to set up Auth from the start
but, for complex stuff, I prefer to just get the thing working first
and then go back and set up authorisation. I guess it's obvious that
one wants to be really careful in that step to make sure there are no
holes left open.

For your situation, you'll eventually want to ensure that only
logged-in users can hit the edit() method. And, then, only do a
Model->read() using the id from $this->Session->read('User.id'). Don't
try to pass the $id as a param.

And don't use the regular edit() method as an admin. Set up an
admin_edit($id = null) method and use Auth to ensure the user is an
admin. Next step is to make sure $id isn't null, of course.

As for querying and viewing your info from associated models, look
into the Containable behavior. It really is a joy to use (mostly). If
you're researching online, anything you see about Bindable should
maybe still be read to get a general idea about the issue but keep in
mind that that's been superseded by Containable.

On Wed, Jan 7, 2009 at 3:13 PM, Chad Casselman <[email protected]> wrote:
>
> I am working on a complex app (for me) and at the same time I have yet
> to grasp how to use Auth correctly.
>
> I am writing your basic social network (for argument's sake) and will
> need to allow users to only edit their own profile with some global
> admins as well.
>
> I have no clue how to do that with Auth or how to handle the recursive
> friends, nested comments, etc. so I thought to just build the app
> first and then come back to integrate Auth. Or is that a mistake and
> I need to get Auth working first?
>
> I know there are tons of tutorials out there, but most seem to just
> stop and not tell me how to integrate/tie in commands within the
> program. Say I want the view to display only a subset of information
> for a particular group of users. I have yet to find anything that
> helps with that.
>
> All suggestions and recommendations are welcome.
>
> Chad
>
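
The split described in the reply above, sketched as a CakePHP 1.2-style controller. This is an added example, not code from the thread or from CakePHP itself. Assumptions: a User model with a `role` column, editable profile fields `name` and `bio`, `Routing.admin` set to `admin` in core.php, and the logged-in id taken through `$this->Auth->user('id')` rather than a raw session read.

```php
<?php
// Added example. Hypothetical names: the 'role', 'name' and 'bio' columns.
class UsersController extends AppController {
    var $name = 'Users';
    var $components = array('Auth', 'Session');

    function beforeFilter() {
        parent::beforeFilter();
        // Have Auth call isAuthorized() below for every logged-in request.
        $this->Auth->authorize = 'controller';
    }

    function isAuthorized() {
        // admin_* actions need the admin role; the rest only need a login.
        if (!empty($this->params['admin'])) {
            return $this->Auth->user('role') == 'admin';
        }
        return true;
    }

    // Self-service edit: takes no $id, so the URL cannot point at another user.
    function edit() {
        $this->_saveProfile($this->Auth->user('id'), array('name', 'bio'));
    }

    // Admin edit: $id comes from the URL, so reject null and unknown ids.
    function admin_edit($id = null) {
        if (!$id || !$this->User->hasAny(array('User.id' => $id))) {
            $this->cakeError('error404');
        }
        $this->_saveProfile($id, array('name', 'bio', 'role'));
    }

    // Shared save path. The leading underscore keeps it unreachable by URL.
    function _saveProfile($id, $fields) {
        if (empty($this->data)) {
            $this->data = $this->User->read(null, $id);
            return;
        }
        // Drop any id posted in the form; the record is chosen server-side.
        unset($this->data['User']['id']);
        $this->User->id = $id;
        // The field whitelist stops a posted 'role' from escalating a user.
        if ($this->User->save($this->data, true, $fields)) {
            $this->Session->setFlash('Profile updated');
        }
    }
}
```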