On Fri, Jul 10, 2009 at 9:31 AM, Jon Bennett<[email protected]> wrote: > >> Yes, put a validation check in the model for sure. But don't exclude >> anything from find(), just check before adding the "buy" button (or >> whatever). ACL for this would be overkill. > > Why shouldn't you exclude things from find? Why give people the option > to add something they can't, surely that just leads to annoyance?
Shop owners are going to want to pull up their products, even if to just brag to a colleague. If they don't see it? *ring* *ring* "omg! My products are gone!" > Either that or don't show the buy button if the row you're outputting > has the same user id as the active user. Yup, and also handling it in the Cart/Order/Whatever model's beforeSave(), just in case you write some new actions/views somewhere where you're not checking for user id. > > Cheers, > > Jon > > -- > > jon bennett > w: http://www.jben.net/ > iChat (AIM): jbendotnet Skype: jon-bennett > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
