Re: CakePHP Auth Component and Authorization
That's essentially what I'm doing on two web apps. I've got 3 levels (guest, user, admin) and it seems to work fine for me.

Zoltan
www.nachogrid.ca - Toronto Nachos

On Mar 27, 9:47 pm, Grzesiek <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm building a simple web app with users, profiles and so on.
>
> I'm using the Auth Component for user authentication.
>
> I ran into a problem - how to prevent a logged-in user from, e.g., editing
> another user's profile?
>
> It turns out that the Auth Component is capable of simple authorization
> without the need for complicated ACL stuff.
>
> So I'm doing something like this:
>
> app_controller.php:
>
>     $this->Auth->authorize = 'controller';
>
>     function isAuthorized() {
>         // do not allow a user to edit someone else's profile
>         if ($this->action == 'edit') {
>             if ($this->Auth->user('id') != $this->params['pass'][0]) {
>                 return false;
>             }
>         }
>         return true;
>     }
>
> My question is: is this the correct approach? Maybe I should authorize
> against the model? If yes - how would you do it?
>
> Regards,
> Grzegorz

You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: CakePHP Auth Component and Authorization
Browse the acl/auth stuff here as a starting point, look at acl behavior as well:
http://groups.google.com/group/cake-php/web/frequent-discussions
Re: Auth Component and Authorization
On Thu, Mar 27, 2008 at 9:42 PM, Grzesiek <[EMAIL PROTECTED]> wrote:
> My question is: is this correct approach? Maybe I should authorize
> against model? If yes - how would you do it ?

Nothing wrong with your code -- you're correctly saying "if the authorized user's id matches the id we want to edit, then go ahead and let them edit it". Nice and simple.

--
Chris Hartjes
Internet Loudmouth
Motto for 2008: "Moving from herding elephants to handling snakes..."
@TheKeyBoard: http://www.littlehart.net/atthekeyboard
CakePHP Auth Component and Authorization
Hello,

I'm building a simple web app with users, profiles and so on.

I'm using the Auth Component for user authentication.

I ran into a problem - how to prevent a logged-in user from, e.g., editing another user's profile?

It turns out that the Auth Component is capable of simple authorization without the need for complicated ACL stuff.

So I'm doing something like this:

app_controller.php:

    $this->Auth->authorize = 'controller';

    function isAuthorized() {
        // do not allow a user to edit someone else's profile
        if ($this->action == 'edit') {
            if ($this->Auth->user('id') != $this->params['pass'][0]) {
                return false;
            }
        }
        return true;
    }

My question is: is this the correct approach? Maybe I should authorize against the model? If yes - how would you do it?

Regards,
Grzegorz
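Added example, not part of any post in this thread and not CakePHP's or the poster's code: a framework-free PHP sketch of the ownership check asked about above, scoped to one controller, covering `delete` as well as `edit`, and comparing against the record's owner rather than assuming the URL id is a user id. The function `canAccess`, the `$profiles` lookup, the admin rule and all request values are constructed assumptions.

```php
<?php
// Added illustration in plain PHP (no CakePHP classes); all names and data are constructed.

// Constructed sample data: profile id => id of the user who owns it.
$profiles = array(10 => 1, 11 => 2);

// Decide whether $user may run $action on $controller with URL arguments $pass.
function canAccess(array $user, $controller, $action, array $pass, array $profiles)
{
    if ($user['role'] === 'admin') {
        return true; // assumption: admins may change any profile
    }
    // Apply the ownership rule to every record-changing action, but only on
    // the controller whose ids it understands.
    $ownerOnly = array('edit', 'delete');
    if ($controller !== 'profiles' || !in_array($action, $ownerOnly, true)) {
        return true; // as in the posted code: other actions are left open
    }
    // Missing or non-numeric id: deny instead of relying on a loose comparison.
    if (!isset($pass[0]) || !ctype_digit((string) $pass[0])) {
        return false;
    }
    $id = (int) $pass[0];
    // Unknown record: deny. Otherwise the owner must be the logged-in user.
    return isset($profiles[$id]) && $profiles[$id] === (int) $user['id'];
}

$alice = array('id' => 1, 'role' => 'user');
$admin = array('id' => 9, 'role' => 'admin');

// Constructed requests: label, user, controller, action, passed arguments.
$requests = array(
    array('own profile',      $alice, 'profiles', 'edit',   array('10')),
    array("someone else's",   $alice, 'profiles', 'edit',   array('11')),
    array('delete not owned', $alice, 'profiles', 'delete', array('11')),
    array('no id in URL',     $alice, 'profiles', 'edit',   array()),
    array('malformed id',     $alice, 'profiles', 'edit',   array('10abc')),
    array('admin edits any',  $admin, 'profiles', 'edit',   array('11')),
    array('other controller', $alice, 'pages',    'edit',   array('11')),
);

foreach ($requests as $r) {
    list($label, $user, $controller, $action, $pass) = $r;
    $ok = canAccess($user, $controller, $action, $pass, $profiles);
    printf("%-18s %s\n", $label, $ok ? 'allow' : 'deny');
}
```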