For the list result you join docs and docs token and check that the user tokens are IN the join result. To prevent url changes I suggest 1. use uuid as document id. 2. Create a function in the database that take user_id and doc_id and return true/false Call this function in documents/view or edit.
On Thu, Sep 15, 2011 at 5:59 PM, Timmay <tim.smi...@gmail.com> wrote: > the example I gave is a simplified version of the real situation. > > The real situation is that a user has two sets of tokens (lets say A > and B). > These properties are stored in another table, named user_tokens. > > A document also has two sets of tokens (lets also call them A and B). > These properties are stored in a table 'document_tokens'. > > A user is allowed to see the document if: > the user and the document have at least one token in set A in common > and > the user and the document have at least one token in set B in common. > > > On Sep 15, 10:42 am, Zaky Katalan-Ezra <procsh...@gmail.com> wrote: > > How do you save the permissions in the database? > > > > > > > > On Thu, Sep 15, 2011 at 10:53 AM, Timmay <tim.smi...@gmail.com> wrote: > > > Hi all, > > > > > I'm working on a multi user website with a collection of documents. > > > Every user is only allowed to see a subset of the documents. > > > > > I want the Documents model to only return the documents that a user is > > > allowed to see. > > > If a users requests one particular document, and he doesn't have > > > rights to see the document (e.g. he modified the url), I want the > > > model to return nothing. > > > > > Is there an easy way to achieve this? > > > > > -- > > > Our newest site for the community: CakePHP Video Tutorials > > >http://tv.cakephp.org > > > Check out the new CakePHP Questions sitehttp://ask.cakephp.organd help > > > others with their CakePHP related questions. > > > > > To unsubscribe from this group, send email to > > > cake-php+unsubscr...@googlegroups.com For more options, visit this > group > > > athttp://groups.google.com/group/cake-php > > > > -- > > Regards, > > Zaky Katalan-Ezra > > QA Administratorwww.IGeneriX.com > > Sites.IGeneriX.com > > 054-7762312 > > -- > Our newest site for the community: CakePHP Video Tutorials > http://tv.cakephp.org > Check out the new CakePHP Questions site http://ask.cakephp.org and help > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group > at http://groups.google.com/group/cake-php > -- Regards, Zaky Katalan-Ezra QA Administrator www.IGeneriX.com Sites.IGeneriX.com 054-7762312 -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php