I'd go with both: it's never good to rely on hiding things from the UI -- if you actually fatten up your model (like you should) to include a check for current user id, you'll be safer in the long run.
On Wed, Jul 8, 2009 at 8:33 PM, brian<bally.z...@gmail.com> wrote:
>
> I agree with Jon about the "buy" button. But don't exclude the User.id
> from the find() or you'll confuse people who can't see their own
> products.
>
> On Wed, Jul 8, 2009 at 8:04 PM, Jon Bennett<jmbenn...@gmail.com> wrote:
>>
>>> I'd put the code deeper, in the Order (or even Cart if you're using a
>>> cart metaphor) model in the beforeSave() callback or perhaps as a
>>> validation rule to prevent purchases for those who link directly to the
>>> product.
>>
>> Yep, good idea, but also a good idea to simply not show active users
>> their own items. Or not show the add to basket (or similar) button if
>> the item has a user_id that matches.
>>
>> j
>>
>>>
>>> On Wed, Jul 8, 2009 at 6:32 PM, Jon Bennett<jmbenn...@gmail.com> wrote:
>>>>
>>>>> I have a question on the best way of applying rules to types of actions
>>>>> on certain models with ownership properties. The application I'm
>>>>> building is a type of marketplace application where users are selling
>>>>> many items and others can bid on them and buy them.
>>>>>
>>>>> I understand that ACL is best for giving permission for request
>>>>> objects to access control objects.
>>>>>
>>>>> Where and how is the best way to implement the rule such that I can
>>>>> buy anyone's stuff but my own? Does ACL have support for complex
>>>>> rules on access?
>>>>>
>>>>> The models look like this:
>>>>> User hasMany Item
>>>>> Item belongsTo User
>>>>
>>>> Why not exclude the active (signed in) user's id when retrieving items?
>>>>
>>>> $items = $this->Item->find('all', array(
>>>>     'conditions'=>array('Item.user_id !='=>$this->Auth->user('id'))
>>>> ));
>>>>
>>>> hth
>>>>
>>>> Jon
>>>>
>>>> --
>>>>
>>>> jon bennett
>>>> w: http://www.jben.net/
>>>> iChat (AIM): jbendotnet Skype: jon-bennett
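The model-level check suggested in the thread, written out as an added example that is not part of the original messages. It assumes a CakePHP 1.2-style app and a hypothetical Order model with `item_id` and `user_id` columns; the rule name `notOwnItem` and the controller lines in the closing comment are also assumptions.

```php
<?php
// app/models/order.php: hypothetical Order model (assumed schema:
// orders.item_id, orders.user_id). Item belongsTo User, as in the thread.
class Order extends AppModel {
    var $name = 'Order';
    var $belongsTo = array('Item', 'User');

    // Validation runs on every save(), so it also covers requests that
    // bypass the UI and post straight to the purchase action.
    var $validate = array(
        'item_id' => array(
            'rule'     => 'notOwnItem',
            'required' => true, // the key must be present in the data
            'message'  => 'You cannot buy your own item.'
        )
    );

    // Custom rule: $check is array('item_id' => <submitted value>).
    function notOwnItem($check) {
        $itemId = current($check);
        if (empty($this->data[$this->alias]['user_id'])) {
            return false; // no buyer set: fail closed
        }
        $buyerId = $this->data[$this->alias]['user_id'];

        // Look up the seller server-side; never trust a seller id
        // that arrives with the request.
        $sellerId = $this->Item->field('user_id', array('Item.id' => $itemId));
        if ($sellerId === false) {
            return false; // unknown item
        }
        return (string)$sellerId !== (string)$buyerId;
    }
}

// In the controller (assumed OrdersController::add), take the buyer from
// the session, never from the submitted form:
//   $this->data['Order']['user_id'] = $this->Auth->user('id');
//   $this->Order->save($this->data);
```

Hiding the button or filtering the find() only changes what is displayed; this rule is what rejects a purchase request that targets the buyer's own item directly.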