You can either use ACL or, simpler, just check the User.id when
fetching the courses. You can either fetch the course by ID, then
check its user_id matches $this->Auth->user('id') (if you're using
Auth). Or, use find() instead of read() and add another condition:

'Course.id' => $id,
'Course.user_id' => $this->Auth->user('id')



On Mon, May 18, 2009 at 1:03 PM, Brian Lee <brianleeu...@gmail.com> wrote:
>
> So, here is how my application works:
>
> 1. I have users (just like any other apps)
> 2. I have courses that each user can create
>
> Upon login, user will view the list of courses that she created.
> I got that to work.
>
> However, now the problem is, I don't know the simple, neat way to
> block user from accessing classes that she did not create. For
> instance, Bob created courses that have IDs of 1, 2, 3. Jane has
> courses with IDs of 4, 5, 6. How do I stop Bob from doing something
> like localhost/courses/view/4 (trying to view Jane's course)? and
> prevent Jane from doing the same for Bob's courses?
>
> I am sure that there is very neat way to do it, because this is a
> problem often comes up when developing web applications. I just want
> to know the CakePHP way of doing this.
>
> Thanks!
>
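
The find()-with-two-conditions approach from the reply above, written out as a controller. This is an added example, not code from the thread. It assumes CakePHP 1.2-era APIs, a Course model with a user_id column and a configured Auth component; _findOwnedCourse is a hypothetical helper name, and the delete action extends the same check beyond the view case asked about.

```php
<?php
// Added example. Assumptions: CakePHP 1.2-style controller, a Course model
// with a user_id column, and the Auth component already configured.
class CoursesController extends AppController {
    var $name = 'Courses';
    var $components = array('Auth');

    // Hypothetical helper: load a course only if the logged-in user owns it.
    // The leading underscore keeps it from being callable as a URL action.
    function _findOwnedCourse($id) {
        // Reject missing or non-numeric ids before building the query.
        if (!is_numeric($id)) {
            return false;
        }
        // Ownership is part of the query itself, so a row that belongs to
        // another user is never loaded into the request at all.
        return $this->Course->find('first', array(
            'conditions' => array(
                'Course.id'      => $id,
                'Course.user_id' => $this->Auth->user('id'),
            ),
        ));
    }

    function view($id = null) {
        $course = $this->_findOwnedCourse($id);
        if (empty($course)) {
            // Same response for "no such course" and "someone else's course",
            // so the ids of other users' courses are not confirmed.
            $this->cakeError('error404');
            return;
        }
        $this->set('course', $course);
    }

    // Every action that takes an id needs the same check, not only view.
    function delete($id = null) {
        $course = $this->_findOwnedCourse($id);
        if (empty($course)) {
            $this->cakeError('error404');
            return;
        }
        $this->Course->delete($course['Course']['id']);
        $this->redirect(array('action' => 'index'));
    }
}
```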
