You can either use ACL or, simpler, just check the User.id when fetching the courses. You can either fetch the course by ID, then check its user_id matches $this->Auth->user('id') (if you're using Auth). Or, use find() instead of read() and add another condition:
'Course.id' => $id,
'Course.user_id' => $this->Auth->user('id')

On Mon, May 18, 2009 at 1:03 PM, Brian Lee <brianleeu...@gmail.com> wrote:
>
> So, here is how my application works:
>
> 1. I have users (just like any other apps)
> 2. I have courses that each user can create
>
> Upon login, user will view the list of courses that she created.
> I got that to work.
>
> However, now the problem is, I don't know the simple, neat way to
> block user from accessing classes that she did not create. For
> instance, Bob created courses that have IDs of 1, 2, 3. Jane has
> courses with IDs of 4, 5, 6. How do I stop Bob from doing something
> like localhost/courses/view/4 (trying to view Jane's course)? and
> prevent Jane from doing the same for Bob's courses?
>
> I am sure that there is a very neat way to do it, because this is a
> problem that often comes up when developing web applications. I just want
> to know the CakePHP way of doing this.
>
> Thanks!