I agree with Günther: Hiding is the best. for all named reasons. I am still struggling with acl and auth. Until now i did it very roughly in my menues like this:
$usergruppe = $session->read('User.Gruppe.id'); //echo $usergruppe; switch($usergruppe){ case 2: $admin = true; $master = true; break; case 10: $master = true; break; case 11: $master = true; break; case 15: $master = true; break; } ?> if($master){ ?> <span class="menuitem"> <?php echo $html->link('Master',array('controller'=>'hotelmasters', 'admin'=>false),$linkformat); ?></span> | <?} Etc.... Quite crude, I know..... So a more elegant solution is appreciated. Anja -----Ursprüngliche Nachricht----- Von: cake-php@googlegroups.com [mailto:[EMAIL PROTECTED] Im Auftrag von dr. Hannibal Lecter Gesendet: Freitag, 14. November 2008 18:09 An: CakePHP Betreff: best practices: disable/hide links which are denied by ACL? Hi all, I'm halfway through the ACL implementation (well, almost...), and I was wondering: is it better to hide the links which are denied by ACL (we're talking about the already logged-in user), or show them and give the user the Auth message "not enough privileges"? Obviously, hiding all the denied links will make views a bit messier and slower to run overall, but user interface will be cleaner. Do you think it's worth it? Please note that I'm not talking just about the admin/regular user views, I'm talking about custom user groups *and* dynamic permissions. If you have an opinion, I'd like to hear it! Thanks in advance! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---