On Mon, Dec 27, 2010 at 4:54 PM, Dave Maharaj <[email protected]> wrote:
> Is there a better way to check if person requesting a record is the owner?
>
>
>
> I am currently doing this for checking but is there a better cleaner way?
>
>
>
> ********EXAMPLE**********
>
>
>
> function edit( $id = null) {
>
> //attempt to get the record belonging to Auth->User
>
> //basically just a find->(‘first’ , where user_id => Auth and id => $id )
>
> $record = $this->User->__getUserRecord( $this->Auth->user( 'id' ), $id );
>
>
>
> if ( empty( $record )) {
>
> //no record found see ya later
>
> $this->Session->destroy();
>
> //redirect or whatever
>
> }
>
>
>
> if ( !empty ( $record ) ) {
>
> //record belong to Auth User
>
> $this->set( 'data' , $record );
>
> //do whatever
>
> }
>
Don't bother passing the $id at all. Just get it from
$this->Auth->user('id'). And don't 'allow' this method. That way,
there must be an id returned.
Check out the new CakePHP Questions site http://cakeqs.org and help others with
their CakePHP related questions.
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
