I agree with Günther: Hiding is the best. for all named reasons.
I am still struggling with acl and auth. Until now i did it very roughly in my
menues like this:
$usergruppe = $session->read('User.Gruppe.id');
//echo $usergruppe;
switch($usergruppe){
case 2:
$admin = true;
$master = true;
break;
case 10:
$master = true;
break;
case 11:
$master = true;
break;
case 15:
$master = true;
break;
}
?>
if($master){ ?>
<span class="menuitem"> <?php echo
$html->link('Master',array('controller'=>'hotelmasters',
'admin'=>false),$linkformat); ?></span> |
<?}
Etc....
Quite crude, I know..... So a more elegant solution is appreciated.
Anja
-----Ursprüngliche Nachricht-----
Von: cake-php@googlegroups.com [mailto:[EMAIL PROTECTED] Im Auftrag von dr.
Hannibal Lecter
Gesendet: Freitag, 14. November 2008 18:09
An: CakePHP
Betreff: best practices: disable/hide links which are denied by ACL?
Hi all,
I'm halfway through the ACL implementation (well, almost...), and I was
wondering: is it better to hide the links which are denied by ACL (we're
talking about the already logged-in user), or show them and give the user the
Auth message "not enough privileges"?
Obviously, hiding all the denied links will make views a bit messier and slower
to run overall, but user interface will be cleaner. Do you think it's worth it?
Please note that I'm not talking just about the admin/regular user views, I'm
talking about custom user groups *and* dynamic permissions.
If you have an opinion, I'd like to hear it!
Thanks in advance!
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
