If you use the Auth component the default is to deny all actions. You can allow access to actions on the fly with $this->Auth- >allow('someAction') in a beforeFilter.
So, maybe wrapping the allow method in your own conditional to test for group membership or ownership etc. is what you are looking for. I do this in some cases. ~Billy --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---