You could add a condition like
    'conditions' => array(
        'Employee.company_id' => $this->Auth->user('company_id')
    )
So when changing the id in the URL, the application still only allows fetching data
which belongs to the same company.
The same applies for delete, just check before if current
You should check the ACL in the edit controller action before actually doing
anything
/thomas
On 08 Aug 2014, at 22:33, Steve Thomas wrote:
> All the manager would have to do is change the id in the address bar to
> access another user. Possibly a user from a different company which they
>
Thanks Mark,
I am using ACL. So for example, if a role such as a manager can list all
the employees of that company, it also adds the Action links (add) (edit)
(delete). If this manager clicks to edit one of the employee (users), this
is sent to the EDIT view via GET with the user id in the addr
Hey good people
When I test controllers and want to mock certain methods on the controller, I
use ->generate(), but I have to also define components that already are defined
in the controller, and if I want to use the real components I have to stub out
dummy method on the component to make it
>
> Did you ever solve this?
>
Thanks
I think you are confusing a few things here.
GET/POST has nothing to do with what pages you can access.
You should use role (preferred) or row based access control to those forms
and non-public actions.
The type is relevant for what type of action you take.
GET if it does not alter the database (v
I'm wondering what everyone is doing about the default links. I'm setting
up an application that has multiple companies with multiple employees. One
company can't see another company's employees.
However, if a manager can display a list of all their employees and edit
them via GET, they can simp
The issue is that the router adding to the subfolder where the project
resides in and not the root dir which I can't access with routing.
I can't get to the desired page for unauthorized users.
Router::connect('/', array('controller' => 'users', 'action' => 'login'));
this routes to crm/crm/... a
Okay, leave it guys! When I've posted my previous question, I suddenly
realised that my database structure reserved 50 characters for the password
field instead of 60. When changing this, it's all working great. Thanks
anyway!!!
On Friday, 8 August 2014 12:11:38 UTC+2, Sam Clauw wrote:
>
> A
Aha, a combination of your posts solved this problem ;)
However, I've got another one when trying to log in now. The password
comparing doesn't work. The password values in my database are built up
with the Blowfish hasher. When I'm submitting my login form, it compares
the text value of the pas