Hi Paulo: You are describing row-level access control, and I am doing that 
with CakePHP 2.0 using a modified version of Daniel Vecchiato's WhoDidIt 
Model Behavior 
(https://github.com/danfreak/4cakephp/tree/master/models/behaviors). Then I 
check in the controller to see if the id in the table for the person who 
created the record matches the id of the person who is trying to modify it. 
- Rob

On Sunday, December 23, 2012 4:01:28 PM UTC-5, Paulo Braga wrote:
>
> Hi people.
>
> I am using CakePHP 2.x, and I am trying to build a system with group 
> permissions, ok, I used Acl and Auth component without problem.
>
> Now I want to configure access to specific data. For example: 
>
> we have a blog app, and we have users, posts, etc.
> an admin can do anything(no problems);
> a post is posted by a user. (some problems here);
>
> With ACL I configured that admin group can do anything, and that user 
> group can just do anything in posts (add, list, edit, delete). Everything is 
> working.
>
> But I don't want a user to edit, delete, list posts that were not created by 
> him. 
>
> I used to do it with the method isAuthorized(), but imagining a big app, I 
> think it will be too hard to codify it.
>
> Is there a "clean" way to do it???
>
>
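
One way to write the controller-side ownership check described in the reply above, placed in `AppController` so every controller inherits it. This is an added example, not code from the thread or from the WhoDidIt behavior; the `created_by` owner column, the `role` column with value `admin`, and the helper names `_requireOwner()` and `_ownerConditions()` are assumptions.

```php
<?php
// app/Controller/AppController.php, CakePHP 2.x. Added example, not code from the thread.
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array('Session', 'Auth');

    // Assumption: the owner column is `created_by`, filled on save by the behavior.
    protected $_ownerField = 'created_by';

    // Assumption: the users table has a `role` column; 'admin' bypasses ownership.
    protected function _isAdmin() {
        return $this->Auth->user('role') === 'admin';
    }

    // Call first in edit()/delete(): stops unless the current user created row $id.
    protected function _requireOwner($id) {
        $model = $this->{$this->modelClass};
        $owner = $model->field($this->_ownerField, array(
            $model->alias . '.' . $model->primaryKey => $id,
        ));
        if ($owner === false) {          // field() returns false when no row matches
            throw new NotFoundException();
        }
        if ($this->_isAdmin()) {
            return;
        }
        $me = $this->Auth->user('id');
        // Fail closed: no session user, or a row with a NULL owner, never matches.
        if ($me === null || $owner === null || (string)$owner !== (string)$me) {
            throw new ForbiddenException();
        }
    }

    // Conditions for find()/paginate() so index() lists only the user's own rows.
    protected function _ownerConditions() {
        if ($this->_isAdmin()) {
            return array();
        }
        $me = $this->Auth->user('id');
        if ($me === null) {              // would otherwise become "created_by IS NULL"
            throw new ForbiddenException();
        }
        $model = $this->{$this->modelClass};
        return array($model->alias . '.' . $this->_ownerField => $me);
    }
}
```

The check runs against the stored owner value, never against an owner id submitted in the request, and it applies in addition to the group-level ACL rules rather than replacing them.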
