Hi,

I found this function in the 2.0 book and thought it was quite nice, so I
implemented it.

In my Post Controller I have
    public function isAuthorized($user) {
        // Let AppController grant access first (e.g. for admins).
        if (parent::isAuthorized($user)) {
            return true;
        }

        // Owners may edit or delete their own posts.
        if (in_array($this->action, array('edit', 'delete'))) {
            $postId = $this->request->params['pass'][0];
            return $this->Post->isOwnedBy($postId, $user['id']);
        }

        return false;
    }

And in my model I have
    public function isOwnedBy($post, $user) {
        // field() returns the id of the matching row, or false if none.
        return $this->field('id', array('id' => $post, 'user_id' => $user)) === $post;
    }

And I added a post with user ID 1 and tried to edit it while I was logged
in with user ID 2, and I was able to edit and delete??

How can that be??

Has anyone else noted something like that, too?

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


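One way to see what the two checks in the post actually do, as an added example that is not part of the original post or of the CakePHP book: a framework-free PHP script that models the same logic against an in-memory SQLite table. It assumes the pdo_sqlite extension; the table and column names, the 'role' key on the user array and the admin short-circuit in the parent check are all assumptions made for the example. It issues the query Model::field('id', ...) would generate and runs the cases from the post (owner, a different user, an admin, a missing id).

```php
<?php
// Added example, not code from the original post or the CakePHP book.
// Assumptions: a "posts" table with id and user_id, and a $user array
// shaped like AuthComponent's session data with 'id' and a 'role' key.

function makeDb() {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, title TEXT)');
    // Constructed sample data: post 1 belongs to user 1.
    $db->exec("INSERT INTO posts (id, user_id, title) VALUES (1, 1, 'owned by user 1')");
    return $db;
}

// Stand-in for Post::isOwnedBy(). Model::field('id', $conditions) runs
// SELECT id FROM posts WHERE id = ? AND user_id = ? LIMIT 1 and returns
// the column value, or false when no row matches.
function isOwnedBy(PDO $db, $postId, $userId) {
    $stmt = $db->prepare('SELECT id FROM posts WHERE id = ? AND user_id = ? LIMIT 1');
    $stmt->execute(array($postId, $userId));
    $found = $stmt->fetchColumn();
    // Comparing with !== false instead of === $postId keeps the result
    // independent of whether the id arrives as a string (request params)
    // or an integer, and of whether the driver returns "1" or 1.
    return $found !== false;
}

// Stand-in for AppController::isAuthorized(): only admins get the blanket
// allow. If this returned true unconditionally, the ownership check below
// would never be reached.
function parentIsAuthorized(array $user) {
    return isset($user['role']) && $user['role'] === 'admin';
}

// Stand-in for PostsController::isAuthorized() for edit/delete.
function postsIsAuthorized(PDO $db, array $user, $action, array $pass) {
    if (parentIsAuthorized($user)) {
        return true;
    }
    if (in_array($action, array('edit', 'delete'), true)) {
        if (!isset($pass[0])) {
            return false; // no post id in the URL: deny
        }
        return isOwnedBy($db, $pass[0], $user['id']);
    }
    return false;
}

$db    = makeDb();
$owner = array('id' => 1, 'role' => 'author');
$other = array('id' => 2, 'role' => 'author');
$admin = array('id' => 3, 'role' => 'admin');

// Each case: user, action, passed params (as strings, like params['pass']),
// and the decision the check must produce. The script exits non-zero if
// any decision differs.
$cases = array(
    array($owner, 'edit',   array('1'), true),
    array($other, 'edit',   array('1'), false),
    array($other, 'delete', array('1'), false),
    array($admin, 'delete', array('1'), true),
    array($owner, 'edit',   array(),    false),
    array($other, 'view',   array('1'), false),
);

foreach ($cases as $c) {
    list($user, $action, $pass, $expected) = $c;
    $got = postsIsAuthorized($db, $user, $action, $pass);
    printf("user %d %-6s %-4s -> %s\n", $user['id'], $action,
        isset($pass[0]) ? $pass[0] : '-', $got ? 'allow' : 'deny');
    if ($got !== $expected) {
        fwrite(STDERR, "unexpected decision\n");
        exit(1);
    }
}
```

Two things that are not visible in the posted code decide whether the ownership check runs at all: the parent isAuthorized() is consulted first, so a blanket return true there allows every action, and in CakePHP 2.0 the controller's isAuthorized() is only invoked when AuthComponent is configured with 'authorize' => array('Controller') and the action has not been whitelisted with $this->Auth->allow().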