Quite a few ways to go around it, for example you can create something like
this in your Site model (or even App Model if using $this->alias)
public function belongsToUser($siteId = null, $userId = null) {
$site = $this->find('count', array(
'conditions' => array(
'Site.id' => $siteId,
'Site.user_id' => $userId
)
));
return ($site > 0) ? true : false;
}
Then from your controller you can do something like..
if(! $this->Site->belongsToUser($siteId, $this->Auth->user('id')) {
$this->Session->setFlash(__('Sorry that site does not belong to you'));
return $this->redirect($this->referer());
}
On 29 April 2014 11:08, Gerculy Robert wrote:
> Hi there,
>
> I'm working on a traffic exchange site and since I'm very new I used this
> login script :
> http://miftyisbored.com/a-complete-login-and-authentication-application-tutorial-for-cakephp-2-3/
> Everything works nicely. Based on that code I created a few pages ( Add
> site, List sites, delete sites)
>
> My problem is that anyone can delete the websites.( I'm sure this goes
> with users - not tested yet )
>
> public function delete($id = null) {
>> if (!$id) {
>> $this->Session->setFlash('Please provide a site id');
>> $this->redirect(array('action'=>'index'));
>> }
>>
>> $this->Site->id = $id;
>> if (!$this->Site->exists()) {
>> $this->Session->setFlash('Invalid site id provided');
>> $this->redirect(array('action'=>'index'));
>> }
>> if ($this->Site->saveField('status', 0)) {
>> $this->Session->setFlash(__('Site deleted'));
>> $this->redirect(array('action' => 'index'));
>> }
>> $this->Session->setFlash(__('Site was not deleted'));
>> $this->redirect(array('action' => 'index'));
>> }
>>
>
> This is the code. I tried adding a condition but couldn't make it work.
> I also tried a very old solution :
>
> if($this->Site->user = $this->Session->read('Auth.User.id')){
>>
>> // code
>>
>> }else{
>> echo"die";
>> }
>>
>
> But another fail.
>
>
> --
> Like Us on FaceBook https://www.facebook.com/CakePHP
> Find us on Twitter http://twitter.com/CakePHP
>
> ---
> You received this message because you are subscribed to the Google Groups
> "CakePHP" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cake-php+unsubscr...@googlegroups.com.
> To post to this group, send email to cake-php@googlegroups.com.
> Visit this group at http://groups.google.com/group/cake-php.
> For more options, visit https://groups.google.com/d/optout.
>
--
Kind Regards
Stephen Speakman
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.