In my setup I have 3 routes set up: Admin, Manager and Member. The controllers
each have admin_, manager_ and member_ functions / actions, since each role
plays a different part in the site.

So a member, for example, can only access member_ functions / actions, and I
have this in app_controller's beforeFilter():

$manager = Configure::read('Routing.manager');
// Only applies to requests that came in through the manager route prefix
if (isset($this->params[$manager]) && $this->params[$manager]) {
    $user_ip = $_SERVER['REMOTE_ADDR'];
    // Session must be valid and the logged-in user must carry the manager role id
    if ($this->Session->valid() == true &&
        $this->Auth->user('role_id') == '45k6e97e-d974-4f49-8793-2ade4adcd75b') {
        $this->layout = 'default_right';
        $access = true;
    }
}

So if a member tries to access anything not assigned a member function or
not public, they are denied access.

My only concern is: is this safe enough? Is there a way to get around
this approach by messing with the session (my session info is stored in the
db)?

Thanks,

Dave
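For comparison, here is a deny-by-default version of the same prefix/role check in a CakePHP 1.2-style AppController::beforeFilter(). This is an added example, not Dave's code; the prefix-to-role mapping, the Routing.* config keys for the manager and member prefixes, and the role id values are all assumed placeholders.

```php
<?php
// Added example (not the poster's code): deny-by-default prefix/role check.
// Assumes CakePHP 1.2-style prefix routing, where each prefix name is stored
// under Configure key 'Routing.<prefix>' as in the post. Role ids are placeholders.
class AppController extends Controller {
    var $components = array('Auth', 'Session');

    // Assumed mapping: which role_id may use which routing prefix.
    var $prefixRoles = array(
        'admin'   => 'ROLE-ID-ADMIN-PLACEHOLDER',
        'manager' => 'ROLE-ID-MANAGER-PLACEHOLDER',
        'member'  => 'ROLE-ID-MEMBER-PLACEHOLDER',
    );

    function beforeFilter() {
        parent::beforeFilter();

        // Work out which prefix (if any) this request came in through.
        $prefix = null;
        foreach (array_keys($this->prefixRoles) as $candidate) {
            $key = Configure::read('Routing.' . $candidate);
            if ($key && !empty($this->params[$key])) {
                $prefix = $candidate;
                break;
            }
        }

        // Non-prefixed (public) actions are left to Auth's normal allow/deny rules.
        if ($prefix === null) {
            return;
        }

        // Deny by default: the request only proceeds when the session is valid
        // AND the logged-in user's role_id matches the role bound to this prefix.
        $roleId = $this->Auth->user('role_id');
        if (!$this->Session->valid() || $roleId === null
            || $roleId !== $this->prefixRoles[$prefix]) {
            $this->Session->setFlash('You are not authorised to access that page.');
            $this->redirect($this->Auth->loginAction);
            return;
        }

        $this->layout = 'default_right';
    }
}
```

Because the redirect happens before the action runs, a request whose session does not carry a matching role_id never reaches a prefixed action, rather than relying on each action to test an $access flag.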


You received this message because you are subscribed to the Google Groups 
"CakePHP" group.