I want to build a function to check a user's access for specific
actions for different controllers. I have ACL and AUTH set up
restricting the general access to the controllers in question. It's the
specific actions that relate to the owner of the action where I need
to fine-tune it, and I'm wondering how to go about it the best way.

Controllers:
AGENTS actions -> profile / manage
INVESTORS actions -> profile / manage
POSTS actions -> view / edit / delete

Now an AGENT thru ACL can access:
Their own profile and manage
can view POSTS
view INVESTOR profiles

An INVESTOR thru ACL can access:
Their own profile and manage
can view all POSTS, edit their own POST and DELETE their own POST
view all AGENT profiles

What I have is a check auth: if == id, ok, you can edit your own, for both
profile actions, but doing it that way prevents
an AGENT from viewing an INVESTOR profile and vice versa. What is the
best way for the AGENT profile, for example, to check if it's the owner, allow
access, or if it's any INVESTOR?

    if ($user['Agent']['user_id'] == $this->Auth->user('id') || $this->Auth->user('group_id') == 4)

saying: if this page's agent id who created the page is the same as the
logged-in user -- OR -- if the logged-in user belongs to the INVESTOR
group, allow access to view the profile?

Now because this snip will be used in multiple places what would be
the best way to turn it into a function because the group_id will
change depending on the controller. The page where the function might
be called (AGENTS / POSTS / INVESTOR controllers) the group_id will
change depending on the requester.
Ideas? Thoughts? Suggestions?
Thanks,
Dave
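
The owner-or-group check from the message above, factored into one reusable function with the allowed groups passed as a parameter. This is an added example, not part of the original post and not CakePHP's own code. The function name, the shape of the `$authUser` array, the sample records and the AGENT group id 3 are assumptions; the INVESTOR group id 4 is taken from the post's snippet.

```php
<?php
// Added example, not from the original post. Group ids are assumptions:
// 4 = INVESTOR (as in the post's snippet), 3 = AGENT (constructed).
const GROUP_AGENT = 3;
const GROUP_INVESTOR = 4;

/**
 * True when $authUser owns the record or belongs to one of $allowedGroupIds.
 * $authUser is assumed to be an array with 'id' and 'group_id' keys for the
 * logged-in user, or null when nobody is logged in.
 */
function isOwnerOrInGroup($authUser, $ownerId, array $allowedGroupIds = [])
{
    // Fail closed for anonymous requests (no user, or no usable id).
    if (empty($authUser['id'])) {
        return false;
    }
    // Strict string comparison: with ==, a null owner id and a null user id
    // compare equal, which would let a logged-out user pass as the owner.
    if ($ownerId !== null && (string) $authUser['id'] === (string) $ownerId) {
        return true;
    }
    // Not the owner: allow only if the user's group is explicitly listed.
    $groupId = isset($authUser['group_id']) ? (string) $authUser['group_id'] : '';
    return in_array($groupId, array_map('strval', $allowedGroupIds), true);
}

// Constructed sample data: an agent profile owned by user 10, a post by user 22.
$agentProfile = ['Agent' => ['user_id' => 10]];
$post         = ['Post' => ['user_id' => 22]];
$owner        = ['id' => 10, 'group_id' => GROUP_AGENT];
$investor     = ['id' => 22, 'group_id' => GROUP_INVESTOR];
$otherAgent   = ['id' => 11, 'group_id' => GROUP_AGENT];

// Viewing an agent profile: the owner or any INVESTOR may pass.
foreach ([$owner, $investor, $otherAgent, null] as $user) {
    var_dump(isOwnerOrInGroup($user, $agentProfile['Agent']['user_id'], [GROUP_INVESTOR]));
}

// Editing or deleting a post: owner only, so no groups are passed.
var_dump(isOwnerOrInGroup($investor, $post['Post']['user_id']));
var_dump(isOwnerOrInGroup($otherAgent, $post['Post']['user_id']));
```

Each controller passes its own list of viewer groups for read actions and an empty list for edit and delete, so the write path can never be widened by a group id.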