Take a second look and think about it; you might figure out why it is not doing what you expect, but it's a logic error of yours, not of Cake.

Hint: returning true before actually checking something doesn't end well :)

On 4 Jan., 16:49, heohni <heidi.anselstet...@consultingteam.de> wrote:
> Hi,
>
> I found this function within the 2.0 book and thought that this is
> quite nice so I implemented it.
>
> In my Post Controller I have
> public function isAuthorized($user) {
>     if (parent::isAuthorized($user)) {
>         return true;
>     }
>
>     if (in_array($this->action, array('edit', 'delete'))) {
>         $postId = $this->request->params['pass'][0];
>         return $this->Post->isOwnedBy($postId, $user['id']);
>     }
>
>     return false;
> }
>
> And in my model I have
> public function isOwnedBy($post, $user) {
>     return $this->field('id', array('id' => $post, 'user_id' => $user)) === $post;
> }
>
> And I added a post with user ID 1 and tried to edit while I was logged
> in with user ID 2 and I was able to edit and delete??
>
> How can that be??
>
> Has anyone else noted something like that, too?
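The hint above, as an added example that is not part of the thread or of CakePHP: plain PHP with the same control flow as the posted `isAuthorized()`, run against two stand-ins for the parent check. The thread does not show the parent implementation, so both stand-ins, the sample users and all function names other than `isAuthorized` and `isOwnedBy` are assumptions.

```php
<?php
// Added illustration in plain PHP; no CakePHP classes are used.

// Constructed sample data: post 10 belongs to user 1.
function isOwnedBy(int $postId, int $userId): bool
{
    $owners = [10 => 1];
    return ($owners[$postId] ?? null) === $userId;
}

// ASSUMPTION: a parent check that allows every logged-in user.
function parentAllowsAnyUser(array $user): bool
{
    return isset($user['id']);
}

// ASSUMPTION: a stricter parent check that only gives admins blanket access.
function parentAllowsAdminOnly(array $user): bool
{
    return ($user['role'] ?? null) === 'admin';
}

// Same control flow as the controller in the post: a true result from the
// parent returns immediately, so ownership is only tested when the parent
// check says no.
function isAuthorized(callable $parentCheck, array $user, string $action, int $postId): bool
{
    if ($parentCheck($user)) {
        return true;
    }
    if (in_array($action, ['edit', 'delete'], true)) {
        return isOwnedBy($postId, $user['id']);
    }
    return false;
}

$owner = ['id' => 1, 'role' => 'author'];
$other = ['id' => 2, 'role' => 'author'];
$admin = ['id' => 3, 'role' => 'admin'];

// Permissive parent: the early return fires for user 2 and ownership is skipped.
var_dump(isAuthorized('parentAllowsAnyUser', $other, 'edit', 10));
// Admin-only parent: the ownership check is reached for non-admin users.
var_dump(isAuthorized('parentAllowsAdminOnly', $other, 'edit', 10));
var_dump(isAuthorized('parentAllowsAdminOnly', $owner, 'edit', 10));
var_dump(isAuthorized('parentAllowsAdminOnly', $admin, 'delete', 10));
```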