I have had the same requirement, and ACL was "a bit heavy" for me too. Plus I am too green to understand it.
Check out this tutorial that really helped me: http://teknoid.wordpress.com/2009/04/22/simplistic-example-of-row-level-access-control-with-auth-security-and-app-model-in-cakephp/ I have applied the techniques in that tutorial, along with some relationships amongst my tables. My project involves distributors who own dealerships, the dealers have technicians and services. I want the admin group members to see all, the distributor group members to see only their distributor(s) plus only their associated dealers, technicians, and services. It takes a little coding in the controller but works very well. I can post a sample of the code if you like. I'm sure there will be some constructive criticism of the code, which I need to improve my coding style with Cake. On Sep 2, 9:41 am, brian <[email protected]> wrote: > ACL might be a bit heavy for this. You can achieve this by using admin > routing and AuthComponent. In your non-admin actions, just ensure that > your conditions check for the user_id so that only books belonging to > that user can be edited, deleted, etc. For example: > > 'conditions' => array('Book.user_id' => $this->Auth->user('id')) > > For editing a Book, pass the id as normal but check it first against > the IDs of all books owned by the user. When a user logs in, grab the > book IDs and store them in the session to make this easier. > > For the admin pages, of course, leave out this condition. > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
