David Mintz-2 wrote:
>
> OK, then here's a follow-up question.
>
> I imagine you want the members to be able to edit their own profiles, not
> anyone else's. Do you write a conditional ACL rule with an assertion, or
> check if ( it's their profile) { allow() } ?
>
Hey David,
In all my apps I don't pass vars to any profile edit pages (I lied, I do
have some, but only admin can do it). The select is hardcoded to their
userid. Now on other apps where a user may post many things I test the
results pulled to make sure they own it.
I don't deny access to the controller because in all actuality they have the
right to edit items. Only their items.
With the new way I wrote my Acl.php plugin I am now forced to create all the
Acl rules for the members now. A side effect, yes, but one I can deal with.
I'm sure as I play with it more I will find a better way :)
Eric
--
View this message in context:
http://www.nabble.com/Acl-Questions-tp22189844p22209829.html
Sent from the Zend Framework mailing list archive at Nabble.com.
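
The two ownership checks described in the reply above, as an added example that is not part of the original message or of Eric's code. It uses plain PDO with an in-memory SQLite database rather than Zend_Db so it runs on its own; the table, column and function names and the sample rows are assumptions made up for the illustration.

```php
<?php
// Added illustration; schema, function names and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (user_id INTEGER PRIMARY KEY, bio TEXT)');
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)');
$db->exec("INSERT INTO profiles VALUES (1, 'alice bio'), (2, 'bob bio')");
$db->exec("INSERT INTO posts VALUES (10, 1, 'alice post'), (11, 2, 'bob post')");

// Profile edit: the request supplies no user id at all. The row is
// selected by the id taken from the authenticated session, so there is
// no parameter a member could change to reach someone else's profile.
function updateOwnProfile(PDO $db, int $sessionUserId, string $bio): int
{
    $stmt = $db->prepare('UPDATE profiles SET bio = :bio WHERE user_id = :uid');
    $stmt->execute([':bio' => $bio, ':uid' => $sessionUserId]);
    return $stmt->rowCount();
}

// Items a member may have many of: the item id does come from the
// request, so the fetched row is tested for ownership before use.
function loadOwnedPost(PDO $db, int $sessionUserId, int $postId): ?array
{
    $stmt = $db->prepare('SELECT id, owner_id, body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $postId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['owner_id'] !== $sessionUserId) {
        return null; // "not yours" is handled the same as "not found"
    }
    return $row;
}

$sessionUserId = 1; // stands in for the identity stored in the session
updateOwnProfile($db, $sessionUserId, 'new bio');
var_dump(loadOwnedPost($db, $sessionUserId, 10) !== null); // the member's own post
var_dump(loadOwnedPost($db, $sessionUserId, 11) !== null); // another member's post
```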