Re: Limit output from DB based on user_id
Hi and thanks for replies

Ok, that was what I was thinking.

Now, perhaps you could give me a hand on the best practice on a more advanced ownership of rows!?! I am looking to "lock" down the db queries as much as possible, only displaying the results that belong to a user.

My app is built like this:

DB:
- team: id, name, user_id (what user it belongs to)
- user: id, name++, team_id (what team the user owns)

models are associated with each other.

routes:
domain.com
team1.domain.com
team2.domain.com
domain.com/admin & team*.domain.com/admin

Controllers:
teams_controller
users_controller

Now, I will try to explain:
- When a visitor visits domain.com, there is a "regular" website, with some blablabla, and a list of teams.
- Visitor visits team1.domain.com, there is a website for the team1 (using their selected theme and so on)
- Visitor visits */admin, there is an admin area for team-owners (select theme, write their content and so on)

Perhaps you could suggest any approach/best practice to "lock" down the db access on these areas?

Example, when visitor visits team*.domain.com, every single db request should be using the teamID (there are more tables/rows that have team_id)

What is the best approach to get this id from db? ID WHERE teamname == team1 ? bootstrap? Routes? And where to save it to use in every other find request in controllers - Was thinking sessions? and destroy the session, and create a new one if user visits another team or the mainpage ? What do you think?

Same goes for admin, the best place to save the teamID, to use in all controllers (write to config? Session?)

I am not sure how to proceed to really lock it down, so that teamID only values are pulled from DB, and to completely remove the chance that other team owners/visitors get access to other team information without visiting their website/admin panel login.

Yet again! Thanks for any and all help on this ;)

Kind regards!
-Tom

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.

To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php
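
The team scoping asked about in the message above, as an added example that is not part of the original thread and not CakePHP's own code. It uses plain PHP with PDO and an in-memory SQLite database in place of the framework's model layer; the `pages` table, the sample rows, and the names `teamIdFromHost()` and `TeamScopedPages` are constructed for illustration.

```php
<?php
// Added illustration: plain PHP + PDO/SQLite, not the CakePHP API. Tables and
// rows are constructed; teamIdFromHost() and TeamScopedPages are hypothetical names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE teams (id INTEGER PRIMARY KEY, name TEXT UNIQUE, user_id INTEGER)');
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, team_id INTEGER, title TEXT)');
$db->exec("INSERT INTO teams VALUES (1, 'team1', 10), (2, 'team2', 20)");
$db->exec("INSERT INTO pages VALUES (1, 1, 'Team1 home'), (2, 2, 'Team2 home')");

// Resolve the team from the Host header on every request instead of caching it
// in the session, so a stale session value can never point at another team.
function teamIdFromHost(PDO $db, string $host, string $baseDomain): ?int
{
    $host = strtolower(preg_replace('/:\d+$/', '', $host)); // drop an optional port
    $suffix = '.' . $baseDomain;
    if (substr($host, -strlen($suffix)) !== $suffix) {
        return null; // main site or foreign host: no team context
    }
    $sub = substr($host, 0, -strlen($suffix));
    $stmt = $db->prepare('SELECT id FROM teams WHERE name = ?');
    $stmt->execute([$sub]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// All page reads go through this class; the team_id condition is added here,
// so a controller cannot forget it or replace it with request input.
class TeamScopedPages
{
    private $db; private $teamId;
    public function __construct(PDO $db, int $teamId) { $this->db = $db; $this->teamId = $teamId; }

    public function find(int $id): ?array
    {
        // The primary key alone is not enough: an id belonging to another team must miss.
        $stmt = $this->db->prepare('SELECT id, title FROM pages WHERE id = ? AND team_id = ?');
        $stmt->execute([$id, $this->teamId]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }
}

// Constructed requests: the same page id (2) requested through three different hosts.
foreach (['team1.domain.com', 'team2.domain.com', 'domain.com'] as $host) {
    $teamId = teamIdFromHost($db, $host, 'domain.com');
    $row = $teamId === null ? null : (new TeamScopedPages($db, $teamId))->find(2);
    printf("%-18s team=%s page 2: %s\n", $host, var_export($teamId, true), $row ? $row['title'] : 'not visible');
}
```

In a CakePHP application the same condition could be injected in one central place, for instance a model's `beforeFind` callback, rather than repeated in each controller.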
Re: Limit output from DB based on user_id
Maybe something like...

    // ModelName is a placeholder for the model being queried
    $this->ModelName->find('all', array('conditions' => array('ModelName.user_id' => $this->Session->read('Auth.User.id'))));
Re: Limit output from DB based on user_id
@see Display only the user’s own posts
http://www.dereuromark.de/2011/10/05/common-cakephp-problems-and-solutions/

or what do you mean?
just make sure you include the user_id condition in all your find queries

On 17 Oct., 20:56, MetZ wrote:
> Hi.
>
> I am wondering how I can go about to limit/lock the db requests to
> ONLY allow db rows that have the user_id = session user_id ?
>
> Example: if a table row has another user_id than Session logged in id,
> then the controller will not touch this row at all.
>
> I have several controllers that I want to lock-down this way to make
> sure that no users get access to other users db values/contents.
>
> Any suggestions on how I go about doing this??
>
> Thanks all for your time! You are indeed awesome ;)
>
> -Tom
Limit output from DB based on user_id
Hi.

I am wondering how I can go about to limit/lock the db requests to ONLY allow db rows that have the user_id = session user_id ?

Example: if a table row has another user_id than Session logged in id, then the controller will not touch this row at all.

I have several controllers that I want to lock-down this way to make sure that no users get access to other users db values/contents.

Any suggestions on how I go about doing this??

Thanks all for your time! You are indeed awesome ;)

-Tom