Hello, I'm building a simple web app with users, profiles and so on.
I'm using the Auth Component for user authentication. I ran into a problem: how to prevent a logged-in user from, e.g., editing another user's profile?

It turns out that the Auth Component is capable of simple authorization without the need for complicated ACL stuff. So I'm doing something like this:

app_controller.php:

    class AppController extends Controller {
        // the Auth component must be loaded for $this->Auth to exist
        var $components = array('Auth');

        function beforeFilter() {
            // have Auth call isAuthorized() on the controller
            $this->Auth->authorize = 'controller';
        }

        function isAuthorized() {
            // do not allow a user to edit someone else's profile
            if ($this->action == 'edit') {
                if ($this->Auth->user('id') != $this->params['pass'][0]) {
                    return false;
                }
            }
            return true;
        }
    }

My question is: is this the correct approach? Maybe I should authorize against the model? If yes, how would you do it?

Regards,
Grzegorz
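
An added example, not part of the original post: the ownership check above written as a stand-alone, deny-by-default PHP function. It goes beyond the post by looking up the record's owner instead of assuming the URL id equals the user id, and by covering more than the edit action. The names mayAccess(), ownerOf() and $profiles are hypothetical; the inputs correspond to $this->Auth->user('id'), $this->action and $this->params['pass'] from the post.

```php
<?php
// Added example, not the poster's code. $profiles and ownerOf() are
// hypothetical stand-ins for a model lookup (profile id => owner's user id).
$profiles = array(10 => 1, 11 => 2); // constructed sample data

// Return the owner's user id, or null when the profile does not exist.
function ownerOf(array $profiles, $profileId) {
    return isset($profiles[$profileId]) ? $profiles[$profileId] : null;
}

// Decide whether $userId may run $action on the record named by $pass[0].
// Deny by default: unknown controllers and actions, missing or malformed
// ids, and records owned by someone else are all rejected.
function mayAccess(array $profiles, $userId, $controller, $action, array $pass) {
    $open      = array('index', 'view');   // any logged-in user
    $ownerOnly = array('edit', 'delete');  // record owner only

    if ($controller !== 'profiles') {
        return false; // no rule written for this controller
    }
    if (in_array($action, $open, true)) {
        return true;
    }
    if (!in_array($action, $ownerOnly, true)) {
        return false; // unlisted action
    }
    // Accept only a plain decimal id; a missing argument, "", "10abc" fail.
    if (!isset($pass[0]) || !is_string($pass[0]) || !ctype_digit($pass[0])) {
        return false;
    }
    $owner = ownerOf($profiles, (int) $pass[0]);
    return $owner !== null && (int) $owner === (int) $userId;
}

// Constructed requests, as (user id, controller, action, passed URL args).
$requests = array(
    array(1, 'profiles', 'edit',   array('10')),    // own profile
    array(1, 'profiles', 'edit',   array('11')),    // another user's profile
    array(1, 'profiles', 'delete', array('11')),    // same record, other action
    array(1, 'profiles', 'edit',   array()),        // id missing
    array(1, 'profiles', 'edit',   array('10abc')), // malformed id
    array(1, 'posts',    'edit',   array('1')),     // controller without a rule
);
foreach ($requests as $r) {
    $ok = mayAccess($profiles, $r[0], $r[1], $r[2], $r[3]);
    printf("user %d %s/%s/%s: %s\n", $r[0], $r[1], $r[2],
        implode('/', $r[3]), $ok ? 'allow' : 'deny');
}
```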