Re: Limit output from DB based on user_id

2011-10-18 Thread MetZ

Hi and thanks for replies

Ok, that was what I was thinking. Now, perhaps you could give me a
hand on the best practice on a more advanced ownership of rows!?!

I am looking to "lock" down the db queries as much as possible, only
displaying the results that belong to a user.

My app is built like this:

DB:
- team
  id, name, user_id (what user it belongs to)

- user
  id, name++, team_id (what team the user owns)

models are associated with each other.

routes:
domain.com
team1.domain.com
team2.domain.com
domain.com/admin & team*.domain.com/admin

Controllers:
teams_controller
users_controller


Now, I will try to explain:
- When a visitor visits domain.com, there is a "regular" website, with
some blablabla, and a list of teams.
- Visitor visits team1.domain.com, there is a website for the team1
(using their selected theme and so on)
- Visitor visits */admin, there is an admin area for team-owners (select
theme, write their content and so on)

Perhaps you could suggest any approach/best practice to "lock" down
the db access on these areas?
Example, when visitor visits team*.domain.com, every single db request
should be using the teamID (there are more tables/rows that have
team_id)
What is the best approach to get this id from db? ID WHERE teamname ==
team1 ? bootstrap? Routes?
And where to save it to use in every other find request in controllers
- Was thinking sessions? and destroy the session, and create a new one
if user visits another team or the mainpage ?

What do you think?

Same goes for admin, the best place to save the teamID, to use in all
controllers (write to config? Session?)


I am not sure how to proceed to really lock it down, so that teamID
only values are pulled from DB, and to completely remove the chance
that other team owners/visitors get access to other team information
without visiting their website/admin panel login.

Yet again!
Thanks for any and all help on this ;)

Kind regards!
-Tom



-- 
Our newest site for the community: CakePHP Video Tutorials 
http://tv.cakephp.org 
Check out the new CakePHP Questions site http://ask.cakephp.org and help others 
with their CakePHP related questions.


To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php
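
One way to do the scoping asked about above, as an added example that is not from the thread or from the CakePHP project: resolve the team from the Host header on every request and inject team_id into every find. It assumes CakePHP 2.x, admin prefix routing, the team/user columns listed in the post, and a hypothetical Configure key `Tenant.team_id`.

```php
<?php
// Added example (assumes CakePHP 2.x). Two files shown together:
// app/Controller/AppController.php and app/Model/AppModel.php.
App::uses('Controller', 'Controller');
App::uses('Model', 'Model');

class AppController extends Controller {
    public $components = array('Session', 'Auth');

    public function beforeFilter() {
        parent::beforeFilter();
        // Derive the team from the Host header on every request instead of
        // trusting a team id kept in the session or sent by the client.
        $host = strtolower((string)env('HTTP_HOST'));
        if (preg_match('/^([a-z0-9-]+)\.domain\.com(:\d+)?$/', $host, $m)) {
            $this->loadModel('Team');
            $team = $this->Team->find('first', array(
                'conditions' => array('Team.name' => $m[1]),
                'recursive' => -1,
            ));
            if (!$team) {
                throw new NotFoundException();
            }
            // 'Tenant.team_id' is a hypothetical key, valid for this request only.
            Configure::write('Tenant.team_id', $team['Team']['id']);
            // Admin area: a logged-in user must own this team. Anonymous
            // visitors are left to AuthComponent's login redirect.
            $uid = $this->Auth->user('id');
            if (!empty($this->request->params['admin']) && $uid !== null
                && (int)$team['Team']['user_id'] !== (int)$uid) {
                throw new ForbiddenException();
            }
        }
    }
}

class AppModel extends Model {
    public function beforeFind($queryData) {
        $teamId = Configure::read('Tenant.team_id');
        // Models with a team_id column only ever see the current team's rows.
        if ($teamId !== null && $this->hasField('team_id')) {
            $conditions = (array)$queryData['conditions'];
            $conditions[$this->alias . '.team_id'] = $teamId;
            $queryData['conditions'] = $conditions;
        }
        return $queryData;
    }
}
```

beforeFind fires only on the model being queried, not on associated models pulled in through recursive or contain, and it does not cover save() or delete() by primary key, so those paths need their own ownership check.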


Re: Limit output from DB based on user_id

2011-10-17 Thread zuha
Maybe something like...

// ModelName is a placeholder for the model being queried
$this->ModelName->find('all', array('conditions' => array(
    'ModelName.user_id' => $this->Session->read('Auth.User.id'))));



Re: Limit output from DB based on user_id

2011-10-17 Thread euromark
@see Display only the user’s own posts
http://www.dereuromark.de/2011/10/05/common-cakephp-problems-and-solutions/
or what do you mean?

just make sure you include the user_id condition in all your find
queries


On 17 Oct., 20:56, MetZ wrote:
> Hi.
>
> I am wondering how I can go about to limit/lock the db requests to
> ONLY allow db rows that have the user_id = session user_id ?
>
> Example: if a table row has another user_id than Session logged in id,
> then the controller will not touch this row at all.
>
> I have several controllers that I want to lock-down this way to make
> sure that no users get access to other users db values/contents.
>
> Any suggestions on how I go about doing this??
>
> Thanks all for your time! You are indeed awesome ;)
>
> -Tom



Limit output from DB based on user_id

2011-10-17 Thread MetZ
Hi.

I am wondering how I can go about to limit/lock the db requests to
ONLY allow db rows that have the user_id = session user_id ?

Example: if a table row has another user_id than Session logged in id,
then the controller will not touch this row at all.

I have several controllers that I want to lock-down this way to make
sure that no users get access to other users db values/contents.

Any suggestions on how I go about doing this??

Thanks all for your time! You are indeed awesome ;)

-Tom
