Quite a few ways to go around it. For example, you can create something like this in your Site model (or even App Model if using $this->alias):

    // True when the site row with this id is owned by the given user.
    public function belongsToUser($siteId = null, $userId = null) {
        $site = $this->find('count', array(
            'conditions' => array(
                'Site.id' => $siteId,
                'Site.user_id' => $userId
            )
        ));
        return ($site > 0) ? true : false;
    }

Then from your controller you can do something like..

    // Stop and redirect back when the logged-in user does not own the site.
    if (!$this->Site->belongsToUser($siteId, $this->Auth->user('id'))) {
        $this->Session->setFlash(__('Sorry that site does not belong to you'));
        return $this->redirect($this->referer());
    }

On 29 April 2014 11:08, Gerculy Robert <rgerc...@gmail.com> wrote:
> Hi there,
>
> I'm working on a traffic exchange site and since I'm very new I used this
> login script :
> http://miftyisbored.com/a-complete-login-and-authentication-application-tutorial-for-cakephp-2-3/
> Everything works nicely. Based on that code I created a few pages ( Add
> site, List sites, delete sites)
>
> My problem is that anyone can delete the websites.( I'm sure this goes
> with users - not tested yet )
>
> public function delete($id = null) {
>>     if (!$id) {
>>         $this->Session->setFlash('Please provide a site id');
>>         $this->redirect(array('action'=>'index'));
>>     }
>>
>>     $this->Site->id = $id;
>>     if (!$this->Site->exists()) {
>>         $this->Session->setFlash('Invalid site id provided');
>>         $this->redirect(array('action'=>'index'));
>>     }
>>     if ($this->Site->saveField('status', 0)) {
>>         $this->Session->setFlash(__('Site deleted'));
>>         $this->redirect(array('action' => 'index'));
>>     }
>>     $this->Session->setFlash(__('Site was not deleted'));
>>     $this->redirect(array('action' => 'index'));
>> }
>>
>
> This is the code. I tried adding a condition but couldn't make it work.
> I also tried a very old solution :
>
> if($this->Site->user = $this->Session->read('Auth.User.id')){
>>
>> // code
>>
>> }else{
>> echo"die";
>> }
>>
>
> But another fail.
>
> --
> Like Us on FaceBook https://www.facebook.com/CakePHP
> Find us on Twitter http://twitter.com/CakePHP
>
> ---
> You received this message because you are subscribed to the Google Groups
> "CakePHP" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cake-php+unsubscr...@googlegroups.com.
> To post to this group, send email to cake-php@googlegroups.com.
> Visit this group at http://groups.google.com/group/cake-php.
> For more options, visit https://groups.google.com/d/optout.
>

--
Kind Regards
Stephen Speakman
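
The ownership check discussed in this thread, folded into the delete action as one UPDATE that is scoped by both the site id and the owner id. This is an added example, not code posted by either participant. It assumes CakePHP 2.x, AuthComponent and SessionComponent loaded in AppController, and the Site.user_id and Site.status columns that appear in the thread.

```php
<?php
// Added example for CakePHP 2.x; not code from the thread.
// Assumed location: app/Controller/SitesController.php.
// Assumed schema: sites table with the user_id and status columns
// used in the thread.
App::uses('AppController', 'Controller');

class SitesController extends AppController {

    public $uses = array('Site');

    public function delete($id = null) {
        // Take the owner from the authenticated session, never from
        // request data the client controls.
        $userId = $this->Auth->user('id');

        if (!$id || !$userId) {
            $this->Session->setFlash(__('Please provide a site id'));
            return $this->redirect(array('action' => 'index'));
        }

        // One UPDATE whose conditions include both the site id and the
        // owner id. A row that belongs to another user does not match,
        // and there is no gap between checking ownership and writing.
        $this->Site->updateAll(
            array('Site.status' => 0),
            array('Site.id' => $id, 'Site.user_id' => $userId)
        );

        if ($this->Site->getAffectedRows() > 0) {
            $this->Session->setFlash(__('Site deleted'));
        } else {
            // Same message for "no such site" and "not your site", so
            // the response does not reveal which ids exist.
            $this->Session->setFlash(__('Site was not deleted'));
        }
        return $this->redirect(array('action' => 'index'));
    }
}
```

The same scoping applies to any other action that takes a record id from the URL, such as an edit or view action for sites or users.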