Thanks. I am using ACL, but not terribly comfortable with it. I'm still trying to figure out how to make it grant "ownership" of content that is created by one user so only he can see it, or for other content, that is created by a user belonging one department so that other departments can't see stuff that doesn't belong to them (while still allowing users from the managers group to see all the departments they oversee, and superadmins to see everything). At the same time, the concepts of departments is a separate lookup table from the actual groups table for the ACL permissions.
But I digress. I thought ACL only kicked in after the user has authenticated and that before that happens, for unauthenticated guests, you are stuck with whatever Auth allows or denies. On Sep 9, 12:36 pm, cricket <[email protected]> wrote: > On Thu, Sep 9, 2010 at 3:35 PM, cricket <[email protected]> wrote: > > Auth restricts based on actions, while what you're looking for is > > restriction based on request parameters. Fortunately, in your specific > > case, there's a simple solution: > > > public function beforeFilter() > > { > > $this->Auth->deny('*'); > > > if (TEST) > > { > > $this->Auth->allowedActions = array('display'); > > } > > } > > > Where TEST has a look at $this->params to see if the requested page is > > the one you want to allow. > > I meant to add that you should consider ACL if the allowed content > grows much beyond just that single page. Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
