Thanks Faza - but that doesn't work because that makes the assumption in the view that the group would always have access to that item. Let's say then with ACL you remove that right... all the views where you have that hard-coded logic would then need to be updated, which is the problem I am trying to avoid.
Ideally, ACL would be the one place to go where that is controlled. We currently have an application that is in flux - meaning that there will be different types of free, discounted, and full memberships, along with different levels of administrators. What these users and groups are allowed to do will change over time. I want to minimize the hard-coded stuff, and just ask ACL, can this user do whateverController/whateverMethod, from the view. Sure, if the link is present, and the user clicks on it, I can deny access in the controller (which I do) but that becomes annoying to the end users. If they don't have rights to do a particular action, the link shouldn't be present in the view. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
