I guess this would depend on your models, and how they're associated with a particular User. You could write a routine in AppModel::beforeSave() that checks for existence of $data[$this->alias]['user_id'] and, if there, checks that against the session ...

Wait--can't get the session from the model. Another tack would be to use SecurityComponent, which will add a hidden field to your forms that will ensure that your other hidden fields haven't been changed. So, you could then check the session in your controller action before even displaying the form.

http://book.cakephp.org/view/175/Security-Component

On Fri, Mar 27, 2009 at 9:05 PM, Aurelius <[email protected]> wrote:
>
> I've been working with Cake for about 2 months, but it's my first bigger app.
> I want to write my own security function which would check before each
> save() if the saved model is associated with the logged-in user. What
> would be the best way to do that?
>
> My ideas till now:
>
> a beforeSave() function in AppModel:
> + DRY
> + relatively secure
> - if I use more than one save() it's inefficient (I have up to 8 on
> one page)
> - I don't have a clue how I can check newly created ones with no id
>
> a beforeSave() in each Model:
> - even more crappy than above
>
> a validation function in the controller
> - not DRY
> - more code
> + could work with already read data
>
> I believe that there must be more people out there with the same
> problem. Are there any finished solutions?
>
> Any ideas or thoughts are welcome!
>
> thx
> Aurelius
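
The ownership check discussed in this thread, as an added example that is not part of either message: plain PHP rather than CakePHP API, with a hypothetical function `enforceOwnership`, a constructed `Post` model and owner table, and the `$data[$alias]['user_id']` layout taken from the reply. It covers the new-record case (no id yet) by taking the owner from the session instead of the submitted form.

```php
<?php
// Added example: plain PHP, not CakePHP API. All names here are hypothetical.

/**
 * Returns the data that is safe to save, or throws if the logged-in user
 * does not own the record. $ownerOf maps a record id to its stored user_id
 * (null when the record does not exist).
 */
function enforceOwnership(array $data, string $alias, ?int $sessionUserId, callable $ownerOf): array
{
    if ($sessionUserId === null) {
        throw new RuntimeException('not logged in');
    }
    $row = $data[$alias] ?? [];
    if (empty($row['id'])) {
        // New record: there is no stored owner to compare against, so the
        // owner is taken from the session, never from the submitted form.
        $row['user_id'] = $sessionUserId;
    } else {
        // Existing record: compare the owner stored server-side, not the
        // user_id field the client sent back.
        $owner = $ownerOf((int) $row['id']);
        if ($owner === null || $owner !== $sessionUserId) {
            throw new RuntimeException('record not owned by current user');
        }
        $row['user_id'] = $owner; // ownership cannot be reassigned via the form
    }
    $data[$alias] = $row;
    return $data;
}

// Constructed sample data: post 10 belongs to user 1, post 11 to user 2.
$owners = [10 => 1, 11 => 2];
$ownerOf = function (int $id) use ($owners): ?int {
    return $owners[$id] ?? null;
};

// Create: a changed hidden user_id is overwritten with the session user.
$created = enforceOwnership(['Post' => ['title' => 'a', 'user_id' => 2]], 'Post', 1, $ownerOf);
echo 'owner of new record: ', $created['Post']['user_id'], PHP_EOL;

// Update of a record owned by another user is refused.
try {
    enforceOwnership(['Post' => ['id' => 11, 'title' => 'b', 'user_id' => 1]], 'Post', 1, $ownerOf);
    echo 'update allowed', PHP_EOL;
} catch (RuntimeException $e) {
    echo 'update refused: ', $e->getMessage(), PHP_EOL;
}
```

Because the session user id is passed in as an argument, the same check can be called from a controller action, which sidesteps the problem of the model not having access to the session.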
