> I'd put the code deeper, in the Order (or even Cart if you've using a > cart metaphor) model in the beforeSave() callback or perhaps as a > validation rule to prevent purchases for those link directly to the > product.
Yep, good idea, but also a good idea to simply not show active users their own items. Or not show the add to basket (or similar) button if the item has a user_id that matches. j > > On Wed, Jul 8, 2009 at 6:32 PM, Jon Bennett<[email protected]> wrote: >> >>> I have question on the best way of applying rules to types of actions >>> on certain models with ownership properties. The application I'm >>> building is a type of market place application where users are selling >>> many items and others can bid on them and buy them. >>> >>> I understand that ACL is best for giving permission for request >>> objects to access control objects. >>> >>> Where and how is the best way to implement the rule such that I can >>> buy anyone's stuff but my own? Does ACL have support for complex >>> rules on access? >>> >>> The models look like this: >>> User hasMany Item >>> Item belongsTo User >> >> Why not exclude the active (signed in) users id when retrieving items? >> >> $items = $this->Item->find('all', array( >> 'conditions'=>array('Item.user_id !'=>$this->Auth->user('id')) >> )); >> >> hth >> >> Jon >> >> -- >> >> jon bennett >> w: http://www.jben.net/ >> iChat (AIM): jbendotnet Skype: jon-bennett >> >> > >> > > > > -- jon bennett w: http://www.jben.net/ iChat (AIM): jbendotnet Skype: jon-bennett --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
