You must write the business logic by yourself, or add a permission (in Auth) to just allow some records.
On Wed, Dec 26, 2012 at 1:43 PM, António Ramos <[email protected]> wrote: > hello > i have a controller that filters what the user can see. > > the view show some links to record. > > for example the user A can only see one button to access a record > the button has this link > http://127.0.0.1:8000/EmpreiteirosA/default/showemp/7 > > but if the user changes the url by hand to end for example with 8 he can see > record 8 > > how to prevent this the best way? > > > thank you > > António > > -- > > > --
