Hi there,
looks like you did a good job establishing your authentication mechanism,
but you don't actually do anything with these functions, so how would it know?
You're supposed to use the function isAuthorized that's in your Post
controller in each action you'd like to give some role restrictions, i.e.,
your edit action in the posts controller.

On Wednesday, January 4, 2012 5:49:41 PM UTC+2, heohni wrote:
>
> Hi,
>
> I found this function within the 2.0 book and thought that this is 
> quite nice so I implemented it. 
>
> In my Post Controller I have
>
>     public function isAuthorized($user) {
>         if (parent::isAuthorized($user)) {
>             return true;
>         }
>
>         if (in_array($this->action, array('edit', 'delete'))) {
>             $postId = $this->request->params['pass'][0];
>             return $this->Post->isOwnedBy($postId, $user['id']);
>         }
>
>         return false;
>     }
>
> And in my model I have
>
>     public function isOwnedBy($post, $user) {
>         return $this->field('id', array('id' => $post, 'user_id' => $user)) === $post;
>     }
>
> And I added a post with user ID 1 and tried to edit while I was logged 
> in with user ID 2 and I was able to edit and delete?? 
>
> How can that be?? 
>
> Has anyone else noted something like that, too?

-- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com.
To unsubscribe from this group, send email to 
cake-php+unsubscr...@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en-US.
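For anyone landing on this thread later, here is the full set of pieces wired together. This is an added example, not code posted in the thread and not the CakePHP project's own code. It assumes CakePHP 2.0 conventions, a `users.role` column (name assumed), and the file paths given in the comments. The line that decides whether the ownership check ever runs is `'authorize' => array('Controller')` in AppController: when AuthComponent's `authorize` setting is empty, every logged-in user passes authorization and no controller's `isAuthorized()` is consulted, which matches the behaviour described above.

```php
<?php
// app/Controller/AppController.php (assumed path)
App::uses('Controller', 'Controller');

class AppController extends Controller {

    // Without 'authorize' => array('Controller') AuthComponent never calls
    // isAuthorized() on any controller: any logged-in user can run any action
    // that is not listed in Auth->allow(). This is the setting the ownership
    // check below depends on.
    public $components = array(
        'Session',
        'Auth' => array(
            'loginRedirect' => array('controller' => 'posts', 'action' => 'index'),
            'logoutRedirect' => array('controller' => 'pages', 'action' => 'display', 'home'),
            'authenticate' => array('Form'),
            'authorize' => array('Controller'),
        ),
    );

    public function beforeFilter() {
        // Only the public listing and detail pages skip authentication.
        $this->Auth->allow('index', 'view');
    }

    // Base rule for every controller: an 'admin' role (assumed column value)
    // may do anything, everyone else is denied unless a controller overrides this.
    public function isAuthorized($user) {
        if (isset($user['role']) && $user['role'] === 'admin') {
            return true;
        }
        return false;
    }
}

// app/Controller/PostsController.php (assumed path)
App::uses('AppController', 'Controller');

class PostsController extends AppController {

    public function isAuthorized($user) {
        if (parent::isAuthorized($user)) {
            return true;
        }

        // Any logged-in user may create a post.
        if ($this->action === 'add') {
            return true;
        }

        // Owner-only actions. Deny explicitly when no id was passed instead of
        // letting an undefined-index notice decide the outcome.
        if (in_array($this->action, array('edit', 'delete'))) {
            if (empty($this->request->params['pass'][0])) {
                return false;
            }
            $postId = $this->request->params['pass'][0];
            return $this->Post->isOwnedBy($postId, $user['id']);
        }

        // Default deny for anything not listed above.
        return false;
    }

    // index(), view(), add(), edit(), delete() as in the blog tutorial.
}

// app/Model/Post.php (assumed path)
App::uses('AppModel', 'Model');

class Post extends AppModel {

    public function isOwnedBy($post, $user) {
        // field() returns false when no row matches both conditions, so the
        // result does not depend on whether the id arrives as an int or a string.
        return $this->field('id', array('id' => $post, 'user_id' => $user)) !== false;
    }
}
```

Two deliberate choices: the ownership query compares against `false` rather than `=== $post`, because a strict comparison between the URL parameter and the database value only holds when both have the same type, and `isAuthorized()` ends in `return false` so any action you forget to list is denied rather than allowed.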
