I think that would best be left to the controller. Think of what the C in ACL stands for.
To avoid repeating code, create a protected method _changeStatus() and check there if the User is allowed. On Mar 8, 3:39 pm, sawa <sava.ra...@gmail.com> wrote: > Hi, > I was wondering if it's possible to use ACL in model instead of the > controller. > Let's say I have fat models and I have model method change_status. > Now, in my controllers I may invoke $mymodel->change_status on couple > of places and I don't want to check if user is authorized to do > change_status everywhere. Instead of that I want to check if user is > authorized in the model, so when I invoke that method in my > controllers I don't have to worry about forgetting to check user > privileges for that operation. > > Any ideas? Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
