In my setup I have 3 routes set up: Admin, Manager, Member. The controllers each have admin_, manager_ and member_ functions / actions, since each role plays a different part in the site.
So a member, for example, can only access member_ functions / actions, and I have in app_controller beforeFilter():

    // Name of the manager routing prefix from the app configuration
    $manager = Configure::read('Routing.manager');
    // Only run the check when the request is for a manager_ action
    if (isset($this->params[$manager]) && $this->params[$manager]) {
        // Client address (not used further in this snippet)
        $user_ip = $_SERVER['REMOTE_ADDR'];
        // Require a valid session and the manager role ID
        if ($this->Session->valid() == true && $this->Auth->user('role_id') == '45k6e97e-d974-4f49-8793-2ade4adcd75b') {
            $this->layout = 'default_right';
            $access = true;
        }
    }

So if a member tries to access anything not assigned a member function or not public, they are denied access. My only concern is: is this safe enough? Is there a way to get around this approach by messing with the session (my session info is stored in the db)?

Thanks,
Dave
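A deny-by-default form of the prefix check described in the post, as an added example that is not part of the original message: one table maps each routing prefix to the role allowed to use it, and any prefixed request that does not match is refused. The `isAllowed` function, the `prefix` params key and the admin and member role IDs are assumptions; the manager ID is the one quoted in the post.

```php
<?php
// Added example, not code from the original post. It is framework-free so it
// runs with the php CLI; in the application the same decision would be made
// once in AppController::beforeFilter().

// Routing prefix => the single role_id allowed to use it.
// The manager ID is the one from the post; the other two are placeholders.
$prefixRoles = array(
    'admin'   => 'ADMIN-ROLE-ID-PLACEHOLDER',
    'manager' => '45k6e97e-d974-4f49-8793-2ade4adcd75b',
    'member'  => 'MEMBER-ROLE-ID-PLACEHOLDER',
);

// Returns true only when the request may proceed.
// $params       routing params; a 'prefix' key is assumed for prefixed actions
// $sessionValid result of the session validity check
// $roleId       role_id read from the server-side session, or null
function isAllowed(array $params, $sessionValid, $roleId, array $prefixRoles)
{
    $prefix = isset($params['prefix']) ? $params['prefix'] : null;
    if ($prefix === null) {
        return true;                     // no prefix: public action
    }
    if (!isset($prefixRoles[$prefix])) {
        return false;                    // unknown prefix: refuse, never fall through
    }
    if ($sessionValid !== true || !is_string($roleId)) {
        return false;                    // no valid session or no role: refuse
    }
    // Strict comparison avoids PHP's loose == type juggling.
    return $roleId === $prefixRoles[$prefix];
}

// Constructed sample requests: [label, params, sessionValid, roleId]
$cases = array(
    array('public page, anonymous', array(), false, null),
    array('manager_ as manager', array('prefix' => 'manager'), true,
          '45k6e97e-d974-4f49-8793-2ade4adcd75b'),
    array('manager_ as member', array('prefix' => 'manager'), true,
          'MEMBER-ROLE-ID-PLACEHOLDER'),
    array('manager_ with invalid session', array('prefix' => 'manager'), false,
          '45k6e97e-d974-4f49-8793-2ade4adcd75b'),
    array('unknown prefix', array('prefix' => 'superuser'), true,
          'ADMIN-ROLE-ID-PLACEHOLDER'),
);
foreach ($cases as $c) {
    $ok = isAllowed($c[1], $c[2], $c[3], $prefixRoles);
    echo str_pad($c[0], 32), $ok ? 'allow' : 'deny', "\n";
}
```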