I've been using Auth and ACL in their pure form (and obAuth as well) but I'm interested if there is some flexibility in content access. If we don't do any specific manipulation, edit/delete methods have no restrictions user-wise. If we do have some tables, e.g. orders, accounts, tickets etc., that belong to a user, we could do accounts/edit/5 and edit user number five. But we need to specifically do a manual verification if that number 5 account belongs to a user.
Is there any centralized verification for that kind of relations? Probably something in the app_model or setting edit/delete functions with some predefined constraints in the app_controller? It's security unwise, but on the other hand there is no rule for that kind of access rules.
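The ownership check the post asks about, as an added example that is not part of the original message and does not use CakePHP's own API: a single guard that every edit/delete action calls before touching a record. `OwnershipGuard`, `authorizeRecordAction`, the `user_id` owner column and the sample rows are all hypothetical and constructed for illustration.

```php
<?php
// Constructed sample data standing in for database tables; each row carries its owner's user_id.
$tables = [
    'accounts' => [5 => ['id' => 5, 'user_id' => 2, 'name' => 'Savings'],
                   6 => ['id' => 6, 'user_id' => 1, 'name' => 'Checking']],
    'orders'   => [9 => ['id' => 9, 'user_id' => 1, 'total' => 40]],
];

class OwnershipGuard
{
    private $tables;
    private $ownerField;

    public function __construct(array $tables, $ownerField = 'user_id')
    {
        $this->tables = $tables;
        $this->ownerField = $ownerField;
    }

    // Returns the record only when it exists and belongs to $userId, otherwise null.
    // A missing record and a foreign record look the same to the caller,
    // so the response does not reveal which ids exist.
    public function findOwned($table, $id, $userId)
    {
        // Reject unauthenticated or malformed user ids before any lookup.
        if (!is_int($userId) || $userId <= 0 || !isset($this->tables[$table][$id])) {
            return null;
        }
        $row = $this->tables[$table][$id];
        if (!isset($row[$this->ownerField]) || (int) $row[$this->ownerField] !== $userId) {
            return null;
        }
        return $row;
    }
}

// Hypothetical base-controller hook: every edit/delete request passes through it.
function authorizeRecordAction(OwnershipGuard $guard, $action, $table, $id, $userId)
{
    if (!in_array($action, ['edit', 'delete'], true)) {
        return true; // only the mutating actions named in the post are guarded here
    }
    return $guard->findOwned($table, (int) $id, $userId) !== null;
}

$guard = new OwnershipGuard($tables);
var_dump(authorizeRecordAction($guard, 'edit', 'accounts', '5', 1));  // user 1 asks for user 2's account
var_dump(authorizeRecordAction($guard, 'edit', 'accounts', '6', 1));  // user 1 asks for their own account
var_dump(authorizeRecordAction($guard, 'delete', 'orders', '9', null)); // no logged-in user
```

In a real application the lookup would be a query that includes the owner column in its conditions, so the row is never loaded for a user who does not own it.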
