On Mon, Mar 2, 2009 at 11:01 AM, Dolbex <[email protected]> wrote:
>
> Hello fellow bakers!
>
> I have looked around for a while trying to find a 'best practice' on
> securing edits of a hasMany relation. Simple example:
>
> User -> hasMany -> Comments
>
> If I want to allow a user to edit only his/her comments is there a
> good way without having to re-read the record they are editing to
> compare userid's?

You can do this on the initial request.

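// Load the comment being edited
$this->data = $this->Comment->read(null, $id);

// Refuse the edit unless the comment belongs to the logged-in user
if ($this->data['Comment']['user_id'] != $this->Session->read('User.id'))
{
  $this->flash(...);
}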

Store the user_id as a hidden form element. If you're using the
SecurityComponent then it will be difficult to change that.
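
Added example, not part of the original message and not CakePHP code: the ownership check from the snippet above in plain PHP, applied when the edit form is submitted as well as when it is loaded, with the owner read from the stored record and the session. `$comments`, `$session`, `loadOwnedComment()` and `saveEdit()` are hypothetical stand-ins for the Comment model, the Session component and the controller action, and the data is constructed.

```php
<?php
// Added example: plain PHP, no CakePHP. $comments stands in for the Comment
// model and $session for the Session component (hypothetical, constructed data).
$comments = [
    7 => ['id' => 7, 'user_id' => 42, 'body' => 'first post'],
    8 => ['id' => 8, 'user_id' => 99, 'body' => 'someone else'],
];

// Return the comment only if it exists and belongs to the logged-in user.
function loadOwnedComment(array $comments, array $session, int $id): ?array
{
    $comment = $comments[$id] ?? null;
    $userId  = $session['User']['id'] ?? null;
    if ($comment === null || $userId === null) {
        return null;
    }
    // Cast both sides and compare strictly to avoid loose-equality surprises.
    return ((int) $comment['user_id'] === (int) $userId) ? $comment : null;
}

// Handle the edit POST: repeat the ownership check against the stored row and
// copy only the editable field, so a submitted id or user_id is never used.
function saveEdit(array &$comments, array $session, int $id, array $post): bool
{
    $comment = loadOwnedComment($comments, $session, $id);
    if ($comment === null) {
        return false; // not found, not logged in, or not the owner
    }
    $comment['body'] = (string) ($post['Comment']['body'] ?? $comment['body']);
    $comments[$id] = $comment;
    return true;
}

$session = ['User' => ['id' => 42]];

// User 42 edits comment 7; the user_id sent with the form is ignored.
var_dump(saveEdit($comments, $session, 7, ['Comment' => ['body' => 'edited', 'user_id' => 99]]));
// User 42 targets comment 8 and claims ownership in the hidden field.
var_dump(saveEdit($comments, $session, 8, ['Comment' => ['body' => 'changed', 'user_id' => 42]]));
// Stored owner of comment 7 and stored body of comment 8 after both attempts.
var_dump($comments[7]['user_id'], $comments[8]['body']);
```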
