On Thu, Jan 07, 2010 at 02:49:36PM -0500, Greg Schmidt wrote:
The second most common option is for the various controllers to do their own security checking (using the tools provided by CakePHP). This is perhaps the closest to how Leaguerunner currently works, but there are problems with this. In particular, the code for things like checking whether the current user is allowed to see another person's contact information is quite complex.
I think it's probably best to have the controllers perform their own checking. The player contact info permission-checking code is going to be quite complex anyway, regardless of how it's implemented.
The third method is to use CakePHP's ACL (access control list) component.
I haven't looked at Cake's ACL stuff yet, but based on your description of it, I think it's a non-starter, at least at this point. The entire point of switching to CakePHP is to make things simpler, after all.
Cheers, Dave _______________________________________________ Leaguerunner mailing list [email protected] http://www.dmo.ca/cgi-bin/mailman/listinfo/leaguerunner
