Hey,

you could do a quick check whether a record belongs to a user or not
and then redirect him/her or something like that.

For example, if a user tries to edit his/her own record, and the URL
would be users/edit/5 (which means you call the action 'edit' in your
user's controller, and the record id is 5) then you could just do:

// $user_id is the record id taken from the URL (5 in users/edit/5)
$user = $this->User->read(null, $user_id);

// compare against the id stored in the session by Auth, never against
// anything that came in via the URL; a missing record also fails here
if($user['User']['id'] != $this->Auth->user('id')) {
     $this->Session->setFlash('This is not your own record!');
     $this->redirect(....);
}

If the check passes, you can do everything you want to after that
piece of code.

You could do this with the group_id, too.

I encapsulated this into a separate component to secure my app against
URL manipulation, so it prevents an attempt to edit a record, or to run
any other action on a record, that is not accessible to the user.



On 15 Jan., 18:58, "Dave" <make.cake.b...@gmail.com> wrote:
> The site I am building has Users which hasOne Role, Role hasMany Users. So
> its pretty simple where Users can only edit/delete their own info but I need
> to restrict controller actions based on the User.group_id and was wondering
> are there any simple, quick and effective ways to do this? Starting points.
>
> I found the 5 min minimal setup in the bakery but would like something db
> driven, there was StudioCarnada with its version but did not follow its
> logic.
>
> Any ideas or solutions any of you have found worth checking out.
>
> Dave
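The ownership check and the group_id variant described in the reply above, written out as an added example that is not part of the thread or of CakePHP itself. It is framework-independent plain PHP so it runs on its own (the class name RecordAccess, the $rules map, the sample users table and the session arrays are all assumptions for illustration; in CakePHP 1.x the same logic would sit in a component and the "denied" branch would call setFlash() and redirect()):

```php
<?php
// Added example (not from the thread): an ownership + group check that
// decides, from the session identity, whether a user may act on the record
// whose id arrived in the URL. Names and data below are made up for the demo.

class RecordAccess
{
    /** @var array action => group ids allowed to run it on anyone's record */
    private $groupRules;

    public function __construct(array $groupRules)
    {
        $this->groupRules = $groupRules;
    }

    /**
     * $sessionUser comes from the session (trusted); $record was loaded by the
     * id from the URL (untrusted). Deny by default: a missing record is refused
     * exactly like someone else's, so the response does not reveal which ids exist.
     */
    public function check($action, array $record, array $sessionUser)
    {
        if (empty($record) || empty($sessionUser['id'])) {
            return false;
        }
        // Owner check: on the users table the record id is the owner's id, as in
        // the thread. For other tables compare the record's user_id column instead.
        if ((int)$record['id'] === (int)$sessionUser['id']) {
            return true;
        }
        // Group check: e.g. members of the admin group may edit any record.
        $allowed = isset($this->groupRules[$action]) ? $this->groupRules[$action] : array();
        return in_array((int)$sessionUser['group_id'], $allowed, true);
    }
}

// Stand-in for what the controller action does with the id from users/edit/<id>.
function editAction(RecordAccess $access, array $users, $urlId, array $session)
{
    $record = isset($users[(int)$urlId]) ? $users[(int)$urlId] : array();
    if (!$access->check('edit', $record, $session)) {
        // In CakePHP: $this->Session->setFlash(...); $this->redirect(...); return;
        return 'denied';
    }
    return 'editing user ' . $record['id'];
}

// Constructed sample data: a users table and two logged-in sessions.
$users = array(
    1 => array('id' => 1, 'group_id' => 1),   // group 1 = admin
    5 => array('id' => 5, 'group_id' => 2),   // group 2 = ordinary member
    7 => array('id' => 7, 'group_id' => 2),
);
$rules  = array('edit' => array(1), 'delete' => array(1));
$access = new RecordAccess($rules);
$member = array('id' => 5, 'group_id' => 2);
$admin  = array('id' => 1, 'group_id' => 1);

$cases = array(
    array($member, 5),   // own record
    array($member, 7),   // URL tampered to another member's id
    array($member, 99),  // id that does not exist
    array($admin, 7),    // admin acting on another user's record
);
foreach ($cases as $case) {
    list($session, $id) = $case;
    printf("user %d (group %d) -> users/edit/%d: %s\n",
        $session['id'], $session['group_id'], $id,
        editAction($access, $users, $id, $session));
}
```

The two things worth keeping from this when porting it into a component: the identity being compared always comes from the session, never from the request, and the action body is only reached when check() returns true. If the framework's redirect does not stop execution (CakePHP 1.x's redirect() exits by default, other setups may not), return immediately after it, otherwise the rest of the action still runs against the foreign record.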
Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en