take a second look and think about it
you might figure out why it is not doing what you expect
but it's a logic error of yours, not of cake

hint: returning true before actually checking something doesn't end
well :)


On 4 Jan., 16:49, heohni <heidi.anselstet...@consultingteam.de> wrote:
> Hi,
>
> I found this function within the 2.0 book and thought that this is
> quite nice so I implemented it.
>
> In my Post Controller I have
> public function isAuthorized($user) {
>         if (parent::isAuthorized($user)) {
>             return true;
>         }
>
>         if (in_array($this->action, array('edit', 'delete'))) {
>             $postId = $this->request->params['pass'][0];
>             return $this->Post->isOwnedBy($postId, $user['id']);
>         }
>
>         return false;
>     }
>
> And in my model I have
> public function isOwnedBy($post, $user) {
>         return $this->field('id', array('id' => $post, 'user_id' => $user)) === $post;
>     }
>
> And I added a post with user ID 1 and tried to edit while I was logged
> in with user ID 2 and I was able to edit and delete??
>
> How can that be??
>
> Has anyone else noted something like that, too?

-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php
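
The early return that the hint in this thread points at, as an added example that is not code from the thread or from CakePHP. It assumes a parent isAuthorized() that returns true for every logged-in user (the thread never shows the parent); PostStore, postIsAuthorized and both parent checks are hypothetical stand-ins written in plain PHP so the script runs without the framework.

```php
<?php
// Constructed stand-in for the Post model: post 1 belongs to user 1.
class PostStore {
    private $rows = array(array('id' => '1', 'user_id' => '1'));

    public function isOwnedBy($postId, $userId) {
        foreach ($this->rows as $row) {
            if ($row['id'] === (string)$postId && $row['user_id'] === (string)$userId) {
                return true;
            }
        }
        return false;
    }
}

// Assumed parent check: approves everyone, so the ownership test below is never reached.
$permissiveParent = function ($user) { return true; };
// Alternative parent check: approves admins only, everyone else falls through.
$adminOnlyParent = function ($user) {
    return isset($user['role']) && $user['role'] === 'admin';
};

// Same control flow as the controller method quoted in the question.
function postIsAuthorized($parentCheck, PostStore $posts, $action, array $pass, array $user) {
    if ($parentCheck($user)) {
        return true; // a "true" here ends the decision before ownership is checked
    }
    if (in_array($action, array('edit', 'delete'), true)) {
        if (!isset($pass[0])) {
            return false; // no post id in the request: deny instead of guessing
        }
        return $posts->isOwnedBy($pass[0], $user['id']);
    }
    return false;
}

$posts = new PostStore();
$users = array( // constructed sample users
    'owner (id 1)'     => array('id' => 1, 'role' => 'author'),
    'non-owner (id 2)' => array('id' => 2, 'role' => 'author'),
    'admin (id 3)'     => array('id' => 3, 'role' => 'admin'),
);
foreach ($users as $label => $user) {
    $loose  = postIsAuthorized($permissiveParent, $posts, 'edit', array('1'), $user);
    $strict = postIsAuthorized($adminOnlyParent, $posts, 'edit', array('1'), $user);
    printf("%-17s permissive parent: %-5s  admin-only parent: %s\n",
        $label, var_export($loose, true), var_export($strict, true));
}
```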
