Ok, I tore my hair out over this for a while and then figured out an
easy solution. I just wanted to share it for others who run into the
same problem. And maybe somebody has an even better solution that I
overlooked.
Problem: Control accessibility to certain parts of a view or layout
using authorization. For example, if there is a 'delete' button, I
only want someone who actually has access to delete to even see the
button.
Wrong Way: My first attempt, after looking all through the
documentation without enlightenment, was to try to load the
AuthComponent into my layout. This just doesn't work well because the
AuthComponent wants a controller, and I didn't want to have to create
a controller also and risk other missing parts.
Solution: So instead, I just decided to pass my controller to the view
using this call from with beforeFilter. I added this into my
AppController so all my controllers would behave the same.
$this->set('controller', $this);
Now in my views and layouts I have $controller and can use the
following authentication call:
$controller->isAuthorized('controllers/MyController/delete')
To make this solution complete for those who need it, here's the
isAuthorized method from my AppController.
function isAuthorized($action=null) {
if(!$action) $action = $this->action;
return $this->Acl->check($this->Auth->user(), $action);
}
I'm curious to hear others' feedback on this approach.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
