Is admin_ prefix a security or just convenient?
I understand a user cannot directly access mysite.com/users/admin_index. Instead they go to mysite.com/admin/users/index.

But is there any automatic security checking? Because anyone can type in mysite.com/admin/users/index.

Is it still up to the UsersController to filter out unauthorized users, such as having an IsAuthorized setting, or does the function admin_index still need to check the user's privileges and reject the request if the user doesn't have admin privs? In which case I don't see the advantage of using the admin_ prefix.

Seems like a big security problem if every controller function needs to check the user's privileges. Is there a better way I'm missing? Can IsAuthorized somehow say only admin users are allowed to run admin functions?
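The centralized check the message asks about, as an added example that is not part of the original post or the CakePHP project's code: one `isAuthorized()` in `AppController` that rejects every admin-prefixed action for non-admin users. It assumes CakePHP 2.x with `Routing.prefixes` set to `array('admin')`, and a `role` column on the users table (that column name is an assumption).

```php
<?php
// app/Controller/AppController.php (CakePHP 2.x layout assumed)
App::uses('Controller', 'Controller');

class AppController extends Controller {

    // 'Controller' authorization makes AuthComponent call isAuthorized()
    // on the active controller for each authenticated request.
    public $components = array(
        'Session',
        'Auth' => array(
            'authorize' => array('Controller'),
        ),
    );

    /**
     * One place to decide who may run admin_ actions.
     * $user is the logged-in user's record as stored by AuthComponent.
     */
    public function isAuthorized($user) {
        $params = $this->request->params;

        // Prefix routing sets params['admin'] for /admin/... URLs.
        // The action-name test is a second, independent check.
        $isAdminRoute = !empty($params['admin'])
            || strpos($params['action'], 'admin_') === 0;

        if ($isAdminRoute) {
            // Assumption: users.role holds the string 'admin' for admins.
            return isset($user['role']) && $user['role'] === 'admin';
        }

        // Non-prefixed actions: any logged-in user. A controller can
        // override isAuthorized() to tighten this and call parent.
        return true;
    }
}
```

Actions whitelisted with `$this->Auth->allow()` skip authentication and `isAuthorized()` entirely, so no `admin_` action should ever appear in an `allow()` call.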
List of all Users belonging to Company?
I have a Model of Users and a Model of Companies. Each User belongs to a Company:

    public $belongsTo = 'Company';

Each Company has many Users:

    public $hasMany = 'User';

A user logs in. It's an ordinary user (not an administrator). I'm in the UsersController.php, function index, and I want to display only other users that belong to the same company the logged in user belongs to. How do I fetch that info?

e.g.

    $this->set('users', $this->Paginator->paginate());

will display *all* users. Suitable for admin users, not for regular users.

How do I restrict the list of users to only users belonging to the same company the user belongs to?