I'd put the code deeper, in the Order (or even Cart if you've using a cart metaphor) model in the beforeSave() callback or perhaps as a validation rule to prevent purchases for those link directly to the product.
On Wed, Jul 8, 2009 at 6:32 PM, Jon Bennett<jmbenn...@gmail.com> wrote: > >> I have question on the best way of applying rules to types of actions >> on certain models with ownership properties. The application I'm >> building is a type of market place application where users are selling >> many items and others can bid on them and buy them. >> >> I understand that ACL is best for giving permission for request >> objects to access control objects. >> >> Where and how is the best way to implement the rule such that I can >> buy anyone's stuff but my own? Does ACL have support for complex >> rules on access? >> >> The models look like this: >> User hasMany Item >> Item belongsTo User > > Why not exclude the active (signed in) users id when retrieving items? > > $items = $this->Item->find('all', array( > 'conditions'=>array('Item.user_id !'=>$this->Auth->user('id')) > )); > > hth > > Jon > > -- > > jon bennett > w: http://www.jben.net/ > iChat (AIM): jbendotnet Skype: jon-bennett > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---