Re: filtering model result bases on user rights
Sorry for my late respons, I would have expected a notification when someone replies to my post. I solved the problem using joins, like Zaky suggested. I use the beforeFind method in my docs model to modify the select query. It adds the join and some extra criteria, so that the model cannot return a doc where a user has no rights to. On Sep 16, 5:28 am, Zaky Katalan-Ezra wrote: > For the list result you join docs and docs token and check that the user > tokens are IN the join result. > To prevent url changes I suggest > 1. use uuid as document id. > 2. Create a function in the database that take user_id and doc_id and return > true/false > Call this function in documents/view or edit. > > > > On Thu, Sep 15, 2011 at 5:59 PM, Timmay wrote: > > the example I gave is a simplified version of the real situation. > > > The real situation is that a user has two sets of tokens (lets say A > > and B). > > These properties are stored in another table, named user_tokens. > > > A document also has two sets of tokens (lets also call them A and B). > > These properties are stored in a table 'document_tokens'. > > > A user is allowed to see the document if: > > the user and the document have at least one token in set A in common > > and > > the user and the document have at least one token in set B in common. > > > On Sep 15, 10:42 am, Zaky Katalan-Ezra wrote: > > > How do you save the permissions in the database? > > > > On Thu, Sep 15, 2011 at 10:53 AM, Timmay wrote: > > > > Hi all, > > > > > I'm working on a multi user website with a collection of documents. > > > > Every user is only allowed to see a subset of the documents. > > > > > I want the Documents model to only return the documents that a user is > > > > allowed to see. > > > > If a users requests one particular document, and he doesn't have > > > > rights to see the document (e.g. he modified the url), I want the > > > > model to return nothing. > > > > > Is there an easy way to achieve this? > > > > > -- > > > > Our newest site for the community: CakePHP Video Tutorials > > > >http://tv.cakephp.org > > > > Check out the new CakePHP Questions sitehttp://ask.cakephp.organdhelp > > > > others with their CakePHP related questions. > > > > > To unsubscribe from this group, send email to > > > > cake-php+unsubscr...@googlegroups.com For more options, visit this > > group > > > > athttp://groups.google.com/group/cake-php > > > > -- > > > Regards, > > > Zaky Katalan-Ezra > > > QA Administratorwww.IGeneriX.com > > > Sites.IGeneriX.com > > > 054-7762312 > > > -- > > Our newest site for the community: CakePHP Video Tutorials > >http://tv.cakephp.org > > Check out the new CakePHP Questions sitehttp://ask.cakephp.organd help > > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > > cake-php+unsubscr...@googlegroups.com For more options, visit this group > > athttp://groups.google.com/group/cake-php > > -- > Regards, > Zaky Katalan-Ezra > QA Administratorwww.IGeneriX.com > Sites.IGeneriX.com > 054-7762312 -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: filtering model result bases on user rights
Can you give us an overview of how you have declared the relationships of those 4 tables? I.e. r u using HABTM or hasMany <-> belongsTo? On Sep 16, 4:28 am, Zaky Katalan-Ezra wrote: > For the list result you join docs and docs token and check that the user > tokens are IN the join result. > To prevent url changes I suggest > 1. use uuid as document id. > 2. Create a function in the database that take user_id and doc_id and return > true/false > Call this function in documents/view or edit. > > > > > > > > > > On Thu, Sep 15, 2011 at 5:59 PM, Timmay wrote: > > the example I gave is a simplified version of the real situation. > > > The real situation is that a user has two sets of tokens (lets say A > > and B). > > These properties are stored in another table, named user_tokens. > > > A document also has two sets of tokens (lets also call them A and B). > > These properties are stored in a table 'document_tokens'. > > > A user is allowed to see the document if: > > the user and the document have at least one token in set A in common > > and > > the user and the document have at least one token in set B in common. > > > On Sep 15, 10:42 am, Zaky Katalan-Ezra wrote: > > > How do you save the permissions in the database? > > > > On Thu, Sep 15, 2011 at 10:53 AM, Timmay wrote: > > > > Hi all, > > > > > I'm working on a multi user website with a collection of documents. > > > > Every user is only allowed to see a subset of the documents. > > > > > I want the Documents model to only return the documents that a user is > > > > allowed to see. > > > > If a users requests one particular document, and he doesn't have > > > > rights to see the document (e.g. he modified the url), I want the > > > > model to return nothing. > > > > > Is there an easy way to achieve this? > > > > > -- > > > > Our newest site for the community: CakePHP Video Tutorials > > > >http://tv.cakephp.org > > > > Check out the new CakePHP Questions sitehttp://ask.cakephp.organdhelp > > > > others with their CakePHP related questions. > > > > > To unsubscribe from this group, send email to > > > > cake-php+unsubscr...@googlegroups.com For more options, visit this > > group > > > > athttp://groups.google.com/group/cake-php > > > > -- > > > Regards, > > > Zaky Katalan-Ezra > > > QA Administratorwww.IGeneriX.com > > > Sites.IGeneriX.com > > > 054-7762312 > > > -- > > Our newest site for the community: CakePHP Video Tutorials > >http://tv.cakephp.org > > Check out the new CakePHP Questions sitehttp://ask.cakephp.organd help > > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > > cake-php+unsubscr...@googlegroups.com For more options, visit this group > > athttp://groups.google.com/group/cake-php > > -- > Regards, > Zaky Katalan-Ezra > QA Administratorwww.IGeneriX.com > Sites.IGeneriX.com > 054-7762312 -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: filtering model result bases on user rights
For the list result you join docs and docs token and check that the user tokens are IN the join result. To prevent url changes I suggest 1. use uuid as document id. 2. Create a function in the database that take user_id and doc_id and return true/false Call this function in documents/view or edit. On Thu, Sep 15, 2011 at 5:59 PM, Timmay wrote: > the example I gave is a simplified version of the real situation. > > The real situation is that a user has two sets of tokens (lets say A > and B). > These properties are stored in another table, named user_tokens. > > A document also has two sets of tokens (lets also call them A and B). > These properties are stored in a table 'document_tokens'. > > A user is allowed to see the document if: > the user and the document have at least one token in set A in common > and > the user and the document have at least one token in set B in common. > > > On Sep 15, 10:42 am, Zaky Katalan-Ezra wrote: > > How do you save the permissions in the database? > > > > > > > > On Thu, Sep 15, 2011 at 10:53 AM, Timmay wrote: > > > Hi all, > > > > > I'm working on a multi user website with a collection of documents. > > > Every user is only allowed to see a subset of the documents. > > > > > I want the Documents model to only return the documents that a user is > > > allowed to see. > > > If a users requests one particular document, and he doesn't have > > > rights to see the document (e.g. he modified the url), I want the > > > model to return nothing. > > > > > Is there an easy way to achieve this? > > > > > -- > > > Our newest site for the community: CakePHP Video Tutorials > > >http://tv.cakephp.org > > > Check out the new CakePHP Questions sitehttp://ask.cakephp.organd help > > > others with their CakePHP related questions. > > > > > To unsubscribe from this group, send email to > > > cake-php+unsubscr...@googlegroups.com For more options, visit this > group > > > athttp://groups.google.com/group/cake-php > > > > -- > > Regards, > > Zaky Katalan-Ezra > > QA Administratorwww.IGeneriX.com > > Sites.IGeneriX.com > > 054-7762312 > > -- > Our newest site for the community: CakePHP Video Tutorials > http://tv.cakephp.org > Check out the new CakePHP Questions site http://ask.cakephp.org and help > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group > at http://groups.google.com/group/cake-php > -- Regards, Zaky Katalan-Ezra QA Administrator www.IGeneriX.com Sites.IGeneriX.com 054-7762312 -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: filtering model result bases on user rights
the example I gave is a simplified version of the real situation. The real situation is that a user has two sets of tokens (lets say A and B). These properties are stored in another table, named user_tokens. A document also has two sets of tokens (lets also call them A and B). These properties are stored in a table 'document_tokens'. A user is allowed to see the document if: the user and the document have at least one token in set A in common and the user and the document have at least one token in set B in common. On Sep 15, 10:42 am, Zaky Katalan-Ezra wrote: > How do you save the permissions in the database? > > > > On Thu, Sep 15, 2011 at 10:53 AM, Timmay wrote: > > Hi all, > > > I'm working on a multi user website with a collection of documents. > > Every user is only allowed to see a subset of the documents. > > > I want the Documents model to only return the documents that a user is > > allowed to see. > > If a users requests one particular document, and he doesn't have > > rights to see the document (e.g. he modified the url), I want the > > model to return nothing. > > > Is there an easy way to achieve this? > > > -- > > Our newest site for the community: CakePHP Video Tutorials > >http://tv.cakephp.org > > Check out the new CakePHP Questions sitehttp://ask.cakephp.organd help > > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > > cake-php+unsubscr...@googlegroups.com For more options, visit this group > > athttp://groups.google.com/group/cake-php > > -- > Regards, > Zaky Katalan-Ezra > QA Administratorwww.IGeneriX.com > Sites.IGeneriX.com > 054-7762312 -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: filtering model result bases on user rights
How do you save the permissions in the database? On Thu, Sep 15, 2011 at 10:53 AM, Timmay wrote: > Hi all, > > I'm working on a multi user website with a collection of documents. > Every user is only allowed to see a subset of the documents. > > I want the Documents model to only return the documents that a user is > allowed to see. > If a users requests one particular document, and he doesn't have > rights to see the document (e.g. he modified the url), I want the > model to return nothing. > > Is there an easy way to achieve this? > > > > > > > > > -- > Our newest site for the community: CakePHP Video Tutorials > http://tv.cakephp.org > Check out the new CakePHP Questions site http://ask.cakephp.org and help > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group > at http://groups.google.com/group/cake-php > -- Regards, Zaky Katalan-Ezra QA Administrator www.IGeneriX.com Sites.IGeneriX.com 054-7762312 -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
filtering model result bases on user rights
Hi all, I'm working on a multi user website with a collection of documents. Every user is only allowed to see a subset of the documents. I want the Documents model to only return the documents that a user is allowed to see. If a users requests one particular document, and he doesn't have rights to see the document (e.g. he modified the url), I want the model to return nothing. Is there an easy way to achieve this? -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php