I'd go with both: it's never good to rely on hiding things from the UI
-- if you actually fatten up your model (like you should) to include
a check for current user id, you'll be safer in the long run.
On Wed, Jul 8, 2009 at 8:33 PM, brian<bally.z...@gmail.com> wrote:
>
> I agree with Jon about the "buy" button. But don't exclude the User.id
> from the find() or you'll confuse people who can't see their own
> products.
>
> On Wed, Jul 8, 2009 at 8:04 PM, Jon Bennett<jmbenn...@gmail.com> wrote:
>>
>>> I'd put the code deeper, in the Order (or even Cart if you've using a
>>> cart metaphor) model in the beforeSave() callback or perhaps as a
>>> validation rule to prevent purchases for those link directly to the
>>> product.
>>
>> Yep, good idea, but also a good idea to simply not show active users
>> their own items. Or not show the add to basket (or similar) button if
>> the item has a user_id that matches.
>>
>> j
>>
>>>
>>> On Wed, Jul 8, 2009 at 6:32 PM, Jon Bennett<jmbenn...@gmail.com> wrote:
>>>>
>>>>> I have question on the best way of applying rules to types of actions
>>>>> on certain models with ownership properties. The application I'm
>>>>> building is a type of market place application where users are selling
>>>>> many items and others can bid on them and buy them.
>>>>>
>>>>> I understand that ACL is best for giving permission for request
>>>>> objects to access control objects.
>>>>>
>>>>> Where and how is the best way to implement the rule such that I can
>>>>> buy anyone's stuff but my own? Does ACL have support for complex
>>>>> rules on access?
>>>>>
>>>>> The models look like this:
>>>>> User hasMany Item
>>>>> Item belongsTo User
>>>>
>>>> Why not exclude the active (signed in) users id when retrieving items?
>>>>
>>>> $items = $this->Item->find('all', array(
>>>> 'conditions'=>array('Item.user_id !'=>$this->Auth->user('id'))
>>>> ));
>>>>
>>>> hth
>>>>
>>>> Jon
>>>>
>>>> --
>>>>
>>>> jon bennett
>>>> w: http://www.jben.net/
>>>> iChat (AIM): jbendotnet Skype: jon-bennett
>>>>
>>>> >
>>>>
>>>
>>> >
>>>
>>
>>
>>
>> --
>>
>> jon bennett
>> w: http://www.jben.net/
>> iChat (AIM): jbendotnet Skype: jon-bennett
>>
>> >
>>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
