You can add a user_id to your post or whatever you want users/admins to delete. then you can use the afterFind to determine if the user can or can't do actions on that record.
Hope this helps! should be easy to implement ;) On 24 apr, 09:28, Pankaj Agrawal <[email protected]> wrote: > Hi, > > I feel this is a must feature and should already be there. But after a > lot of searching I could only find ways to restrict users to > particular actions like view, add, delete. > > I have Baked CURD pages for all my tables that are associated. > > What I want is to be able to allow a particular user to be able to > list/view/edit/update/delete his own posts/profile etc only. > > An Admin to be be able to list/view/edit/update/delete only his own > users and posts from his own users only. > > And a particular admin to be able to do everything. > > I am not able to find a way which can let any db query to be > restricted to certain conditions that specifies the ownership for the > user. For a direct php query it would be comparatively simple with > some extra where clause. > > I did a lot of searching but I am so far disappointed regarding this > feature which is probably the core of any site. > > Thanks for all your help. > > - Pankaj -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php
