Re: CakePHP Auth Component and Authorization

2008-03-28 Thread Zoltan

That's essentially what I'm doing on two web apps. I've got 3 levels
(guest,user,admin) and it seems to work fine for me.

Zoltan
www.nachogrid.ca - Toronto Nachos

On Mar 27, 9:47 pm, Grzesiek <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm building a simple web app with users, profiles and so on.
>
> I'm using Auth Component for user authentication.
>
> I ran into a problem - how to prevent logged user from i.e. editing
> another user profile?
>
> It turns out that Auth Component is capable of simple authorization
> without the need for complicated ACL stuff.
>
> So I`m doing something like this:
>
> app_controller.php:
>
> $this->Auth->authorize = 'controller';
>
> function isAuthorized() {
>     // do not allow user to edit someone else's profile
>     if ($this->action == 'edit') {
>         if ($this->Auth->user('id') != $this->params['pass'][0]) {
>             return false;
>         }
>     }
>     return true;
> }
>
> My question is: is this correct approach? Maybe I should authorize
> against model? If yes - how would you do it ?
>
> Regards,
> Grzegorz
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: CakePHP Auth Component and Authorization

2008-03-28 Thread Sliv

Browse the acl/auth stuff here as a starting point, look at acl
behavior as well:
http://groups.google.com/group/cake-php/web/frequent-discussions




Re: Auth Component and Authorization

2008-03-28 Thread Chris Hartjes

On Thu, Mar 27, 2008 at 9:42 PM, Grzesiek <[EMAIL PROTECTED]> wrote:
>  My question is: is this correct approach? Maybe I should authorize
>  against model? If yes - how would you do it ?

Nothing wrong with your code -- you're correctly saying "if the
authorized user's id matches the id we want to edit, then go ahead and
let them edit it".

Nice and simple.

-- 
Chris Hartjes
Internet Loudmouth
Motto for 2008: "Moving from herding elephants to handling snakes..."
@TheKeyBoard: http://www.littlehart.net/atthekeyboard




CakePHP Auth Component and Authorization

2008-03-28 Thread Grzesiek

Hello,

I'm building a simple web app with users, profiles and so on.

I'm using Auth Component for user authentication.

I ran into a problem - how to prevent logged user from i.e. editing
another user profile?

It turns out that Auth Component is capable of simple authorization
without the need for complicated ACL stuff.

So I`m doing something like this:

app_controller.php:

$this->Auth->authorize = 'controller';

function isAuthorized() {
    // do not allow user to edit someone else's profile
    if ($this->action == 'edit') {
        if ($this->Auth->user('id') != $this->params['pass'][0]) {
            return false;
        }
    }
    return true;
}

My question is: is this correct approach? Maybe I should authorize
against model? If yes - how would you do it ?

Regards,
Grzegorz
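
The ownership check asked about above, as an added example that is not part of the original thread and not CakePHP's own code: a framework-free PHP sketch that authorizes against the record's owner (the "model" variant), covers more than the edit action, and denies when the id is missing or malformed. All function names, the $PROFILES data and the action list are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: framework-free sketch of the ownership check discussed
// in this thread. All names below are hypothetical, not CakePHP API.

// Constructed sample data standing in for a Profile model: profile id => owner user id.
$PROFILES = array(10 => 1, 11 => 2);

// Actions that touch a single profile and must be limited to its owner.
$OWNER_ONLY = array('edit', 'delete');

/**
 * Normalise a URL argument to a positive integer id, or null if malformed.
 * Avoids relying on loose != between a session value and raw request input.
 */
function parse_id($raw) {
    if (!is_string($raw) && !is_int($raw)) return null;
    $raw = (string)$raw;
    return (ctype_digit($raw) && (int)$raw > 0) ? (int)$raw : null;
}

/**
 * Decide whether $userId may run $action with the passed URL arguments.
 * Denies by default when the id is missing, malformed or unknown.
 */
function is_authorized($userId, $action, array $pass, array $profiles, array $ownerOnly) {
    if (!in_array($action, $ownerOnly, true)) {
        return true;                        // not an owner-restricted action
    }
    $profileId = parse_id(isset($pass[0]) ? $pass[0] : null);
    if ($profileId === null || !isset($profiles[$profileId])) {
        return false;                       // no id, junk id, or no such record
    }
    return $profiles[$profileId] === (int)$userId;
}

// Constructed requests: (user id, action, passed args)
$cases = array(
    array(1, 'edit',   array('10')),     // own profile
    array(1, 'edit',   array('11')),     // someone else's profile
    array(1, 'delete', array('11')),     // other action on the same record
    array(1, 'edit',   array()),         // id omitted from the URL
    array(1, 'edit',   array('10abc')),  // malformed id
    array(1, 'view',   array('11')),     // unrestricted action
);
foreach ($cases as $c) {
    $ok = is_authorized($c[0], $c[1], $c[2], $PROFILES, $OWNER_ONLY);
    printf("user=%d %-6s %-9s => %s\n", $c[0], $c[1], json_encode($c[2]), $ok ? 'allow' : 'deny');
}
```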




Auth Component and Authorization

2008-03-28 Thread Grzesiek

Hello,

I'm building a simple web app with users, profiles and so on.

I'm using Auth Component for user authentication.

I ran into a problem - how to prevent logged user from i.e. editing
another user profile?

It turns out that Auth Component is capable of simple authorization
without the need for complicated ACL stuff.

So I`m doing something like this:

app_controller.php:

$this->Auth->authorize = 'controller';

function isAuthorized() {
    // do not allow user to edit someone else's profile
    if ($this->action == 'edit') {
        if ($this->Auth->user('id') != $this->params['pass'][0]) {
            return false;
        }
    }
    return true;
}

My question is: is this correct approach? Maybe I should authorize
against model? If yes - how would you do it ?

Regards,
Grzegorz
