I suppose you want the http://www.myapp.com/controller/action/5 to be accessed only with the owner of this.If this is what you might want to this particular url will help you http://aranworld.com/article/189/cakephp-acl-and-auth-record-level-protection-and-crud
Hope it helps, regards Paulos 2009/6/25 DigitalDude <[email protected]> > > Hey, > > In my app I have the following ACL issue: > > All actions/controllers are secured by ACL and a user should only see > pages when he is logged in. This works fine in general, but I > discovered a weird error today which is given me a headache: > > When you enter the url > > http://www.myapp.com/controller/action > > the user is redirected to the login, which is exactly what I want. > > But if the user types in this, e.g. to edit an article or sth like > that: > > http://www.myapp.com/controller/action/5 > > the ACL does NOT deny the access to the page and everyone can view the > contents of the page! > > This is a horrible security issue and I gotta fix it ASAP, so I'd be > very happy if someone could point me to the right direction so I can > solve this big problem! > > Thx in advance, > > DD > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
