Hi, I found this function within the 2.0 book and thought that this is quite nice so I implemented it.

In my Post Controller I have

    public function isAuthorized($user) {
        if (parent::isAuthorized($user)) {
            return true;
        }
        if (in_array($this->action, array('edit', 'delete'))) {
            $postId = $this->request->params['pass'][0];
            return $this->Post->isOwnedBy($postId, $user['id']);
        }
        return false;
    }

And in my model I have

    public function isOwnedBy($post, $user) {
        return $this->field('id', array('id' => $post, 'user_id' => $user)) === $post;
    }

And I added a post with user ID 1 and tried to edit while I was logged in with user ID 2 and I was able to edit and delete?? How can that be?? Has anyone else noted something like that, too?
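
Added example, not part of the original post and not CakePHP's own code: a plain-PHP model of the two posted methods that lets the order of checks be tested in isolation. `FakePostModel`, `authorize()`, the `$parentResult` argument (standing in for whatever `parent::isAuthorized($user)` returns in the real application) and the sample row are assumptions constructed for illustration. It shows that the ownership test only decides the outcome on the path where the parent check returns false.

```php
<?php
// Added example: plain-PHP model of the posted checks, no CakePHP required.
// FakePostModel, authorize() and the sample row are constructed for illustration.
class FakePostModel {
    // Constructed sample data: post 10 belongs to user 1.
    private $rows = array(array('id' => '10', 'user_id' => '1'));

    // Stand-in for Model::field(): value of $name from the first row matching
    // every condition, or false when no row matches.
    public function field($name, array $conditions) {
        foreach ($this->rows as $row) {
            $match = true;
            foreach ($conditions as $key => $value) {
                if ((string)$row[$key] !== (string)$value) {
                    $match = false;
                }
            }
            if ($match) {
                return $row[$name];
            }
        }
        return false;
    }

    // Same comparison as the posted isOwnedBy().
    public function isOwnedBy($post, $user) {
        return $this->field('id', array('id' => $post, 'user_id' => $user)) === $post;
    }
}

// Same order of checks as the posted isAuthorized().
function authorize($parentResult, $action, $postId, array $user, FakePostModel $posts) {
    if ($parentResult) {
        return true; // ownership is never consulted on this path
    }
    if (in_array($action, array('edit', 'delete'))) {
        return $posts->isOwnedBy($postId, $user['id']);
    }
    return false;
}

$posts = new FakePostModel();
$owner = array('id' => '1');
$other = array('id' => '2');
var_dump(authorize(false, 'edit', '10', $owner, $posts)); // owner, parent denies
var_dump(authorize(false, 'edit', '10', $other, $posts)); // non-owner, parent denies
var_dump(authorize(true, 'edit', '10', $other, $posts));  // non-owner, parent allows
```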