That works only if the model is DIRECTLY associated with Users, but not e.g. here:
User hasMany Blogs hasMany Entries

I can't believe there's no standard function for this. Isn't it one of the most normal things that there can be Users who have stuff to edit, but ONLY their own (= 99% of big websites)?

thx
Aurelius

On 28 Mar., 14:58, JamesF <[email protected]> wrote:
> whoops hit enter too quick:
>
> continuing the function
> --------------------------------
>
> if ($this->Model->data['Model']['user_id'] == $auth_id ) // make sure to use == not =
> {
> //render logic if authorized
> }
> else
> {
> $this->redirect('/'); //redirect unauthorized
> }
>
> now this all breaks down when using validation on your forms
> i'm still working on that part! =]
>
> hope this is a start
>
> On Mar 28, 9:54 am, JamesF <[email protected]> wrote:
>
> > first make sure the thing you are saving has a foreign key with the
> > user id associated with it.
> > i usually would deny access with the Auth component to the action that
> > i don't want a non logged in user to use.
> >
> > simple acl to check if the record belongs to current logged in user:
> >
> > put some kind of check in your action to read the user_id of the
> > record you are about to load....if it fails use Cake's redirect
> > function to redirect the user to a location of some kind. if it passes
> > allow the record to be displayed.
> >
> > i.e.
> >
> > function read ($id = null)
> > {
> > $this->Model->id = $id; //gets id of item from url parameter
> > $auth_id = $this->Auth->user('id'); //make sure your controller is using Auth or this won't work
> >
> > $this->Model->read(); // reads record
> >
> > On Mar 27, 9:05 pm, Aurelius <[email protected]> wrote:
> >
> > > I've been working with Cake for about 2 months, but it's my first bigger app.
> > > I want to write my own security function which would check before each
> > > save() if the saved model is associated to the logged in user, what
> > > would be the best way to do that?
> > >
> > > My ideas till now:
> > > a beforeSave() function in AppModel:
> > > + DRY
> > > + relatively secure
> > > - if I use more than one save() it's inefficient (I have up to 8 on
> > > one page)
> > > - I don't have a clue how I can check newly created ones with no id
> > >
> > > a beforeSave() in each Model:
> > > - even more crappy than above
> > >
> > > a validation function in the controller
> > > - not DRY
> > > - more code
> > > + could work with already read data
> > >
> > > I believe that there must be more people out there with the same
> > > problem, are there any finished solutions?
> > >
> > > Any ideas or thoughts are welcome!
> > >
> > > thx
> > > Aurelius
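
The ownership check discussed in this thread, extended to the indirect case (User hasMany Blogs hasMany Entries) and to new records that have no id yet. This is an added example, not code from any poster and not CakePHP API: it is plain PHP, and `$tables`, `$parents`, `ownerOfRow()` and `maySave()` are hypothetical names working on constructed sample rows.

```php
<?php
// Constructed sample rows, keyed by id: User hasMany Blogs hasMany Entries.
$tables = [
    'Blog'  => [10 => ['user_id' => 1], 11 => ['user_id' => 2]],
    'Entry' => [100 => ['blog_id' => 10], 101 => ['blog_id' => 11]],
];
// Hypothetical map: model => [parent model, foreign key pointing at it].
$parents = ['Entry' => ['Blog', 'blog_id'], 'Blog' => ['User', 'user_id']];

// Follow foreign keys upward from $row until the owning user id is reached.
function ownerOfRow($model, array $row, array $tables, array $parents) {
    while (isset($parents[$model])) {
        list($parent, $fk) = $parents[$model];
        if (!isset($row[$fk])) {
            return null;               // no foreign key: owner unknown
        }
        if ($parent === 'User') {
            return (int) $row[$fk];    // top of the chain
        }
        if (!isset($tables[$parent][$row[$fk]])) {
            return null;               // parent row does not exist
        }
        $row   = $tables[$parent][$row[$fk]];
        $model = $parent;
    }
    return null;
}

// True only if the logged-in user owns the record being saved.
function maySave($model, array $data, $authId, array $tables, array $parents) {
    if (isset($data['id'])) {
        // Update: ownership comes from the stored row, not from submitted fields.
        if (!isset($tables[$model][$data['id']])) {
            return false;
        }
        $stored = $tables[$model][$data['id']];
        if (ownerOfRow($model, $stored, $tables, $parents) !== (int) $authId) {
            return false;
        }
        $data = array_merge($stored, $data); // a changed blog_id is checked below
    }
    // New record (no id yet) or re-parented one: the named parent must be the user's.
    return ownerOfRow($model, $data, $tables, $parents) === (int) $authId;
}

var_dump(maySave('Entry', ['id' => 100, 'title' => 'edit'], 1, $tables, $parents)); // user 1 edits own entry
var_dump(maySave('Entry', ['id' => 101, 'title' => 'edit'], 1, $tables, $parents)); // user 1 edits user 2's entry
var_dump(maySave('Entry', ['blog_id' => 11, 'title' => 'new'], 1, $tables, $parents)); // user 1 creates in user 2's blog
var_dump(maySave('Entry', ['id' => 100, 'blog_id' => 11], 1, $tables, $parents)); // user 1 moves entry to user 2's blog
```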
