On Wed, Jul 8, 2009 at 8:42 PM, GravyFace<[email protected]> wrote: > > I'd go with both: it's never good to rely on hiding things from the UI > -- if you actually fatten up your model (like you should) to include > a check for current user id, you'll be safer in the long run.
Yes, put a validation check in the model for sure. But don't exclude anything from find(), just check before adding the "buy" button (or whatever). ACL for this would be overkill. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
